Skip to content

Procedural Scheduling #2159

Procedural Scheduling

Procedural Scheduling #2159

Workflow file for this run

name: Security Scan
on:
pull_request:
branches:
- develop
- dev-[0-9]+.[0-9]+.[0-9]+
push:
branches:
- develop
tags:
- v*
workflow_dispatch:
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: write
security-events: write
strategy:
fail-fast: false
matrix:
language: ["java", "javascript"]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
queries: +security-extended
tools: latest
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: "21"
- name: Build
run: |
./gradlew testClasses
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3
- name: NASA Scrub
run: |
python3 -m pip install nasa-scrub
results_dir=`realpath ${{ github.workspace }}/../results`
sarif_files=`find $results_dir -name '*.sarif'`
for sarif_file in $sarif_files
do
output_file="$results_dir/$(basename $sarif_file .sarif).scrub"
python3 -m scrub.tools.parsers.translate_results $sarif_file $output_file ${{ github.workspace }} scrub
done
python3 -m scrub.tools.parsers.csv_parser $results_dir
echo "RESULTS_DIR=$results_dir" >> $GITHUB_ENV
- name: Upload Security Scan Results
uses: actions/upload-artifact@v4
with:
name: Security Scan Results - ${{ matrix.language }}
path: ${{ env.RESULTS_DIR }}