Skip to content
This repository has been archived by the owner on Feb 26, 2024. It is now read-only.

Commit

Permalink
Adding ProdSec consolidated workflow files
Browse files Browse the repository at this point in the history
  • Loading branch information
arencro committed Jan 12, 2024
1 parent d365fee commit 2eb9b1f
Showing 1 changed file with 33 additions and 0 deletions.
33 changes: 33 additions & 0 deletions .github/workflows/Prodsec_Workflow.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
# Product Security tooling
# Runs Manifest SBOM generation and Dependency Check Scanning
---
name: Product Security Tooling

'on':
pull_request:
release:
types:
- created

jobs:
sbom_generator:
if: github.event_name == 'release'
uses: HealthByRo/ro-github-actions/.github/workflows/manifest_sbom.yml@main
with:
languages: '["JavaScript"]'
secrets:
ssh_key: ${{ secrets.SSH_RO_CI_DEPLOY }}
manifest_key: ${{ secrets.MANIFEST_SBOM }}

dependency-check:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Dependency Check
uses: actions/dependency-review-action@v3
with:
fail-on-severity: critical
license-check: false

0 comments on commit 2eb9b1f

Please sign in to comment.