# Static-analysis workflow: delegates SAST (Checkmarx) and code-quality
# (Sonar) scans to reusable workflows in bitwarden/gh-actions.
name: Scan

on:
  # Manual runs from the Actions tab or the API.
  workflow_dispatch:
  push:
    branches:
      - 'main'
  # PRs whose base branch is anything other than main.
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
    branches-ignore:
      - 'main'
  # PRs whose base branch is main. pull_request_target runs in the context
  # of the base repository, so repository secrets are available even when
  # the PR comes from a fork. The called workflows therefore must not build
  # or execute PR-head code unless the run has been approved first.
  pull_request_target:
    types:
      - opened
      - synchronize
      - reopened
    branches:
      - 'main'

# Deny every GITHUB_TOKEN scope by default; each job below opts in to the
# scopes it needs.
permissions: {}

jobs:
  # Every scan job depends on this one via `needs`.
  # NOTE(review): presumably this is the approval gate for fork PRs under
  # pull_request_target; its logic lives in bitwarden/gh-actions and is not
  # visible here. Confirm.
  check-run:
    name: Check PR run
    # NOTE(review): `@main` is a mutable ref. Whatever is on that branch at
    # run time executes with this job's permissions. Pinning to
    # `@<full-commit-sha>` (placeholder) makes the called code immutable and
    # reviewable. Same applies to the two `uses:` lines below.
    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
    permissions:
      contents: read

  sast:
    name: Checkmarx
    uses: bitwarden/gh-actions/.github/workflows/_checkmarx.yml@main
    needs: check-run
    # Only the three Azure identifiers are forwarded (no `secrets: inherit`).
    secrets:
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
    permissions:
      contents: read
      pull-requests: write
      # Allows uploading code-scanning results.
      security-events: write
      # Lets the job request an OIDC token; presumably used for federated
      # Azure login given the AZURE_* inputs. Confirm against the called
      # workflow.
      id-token: write

  quality:
    name: Sonar
    uses: bitwarden/gh-actions/.github/workflows/_sonar.yml@main
    needs: check-run
    secrets:
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
    permissions:
      contents: read
      pull-requests: write
      # Same OIDC note as in the sast job.
      id-token: write