Skip to content

OSV Scanner

OSV Scanner #18

Workflow file for this run

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: OSV Scanner
on:
workflow_dispatch:
schedule:
- cron: "0 0 1 * *"
jobs:
run-osv-scanner:
name: Run OSV Scanner
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Pull OSV Scanner Docker image
run: docker pull ghcr.io/google/osv-scanner:latest
- name: Scan for vulnerabilities
run: |
echo -e '<!--\n ~ Licensed to the Apache Software Foundation (ASF) under one or more\n ~ contributor license agreements. See the NOTICE file distributed with\n ~ this work for additional information regarding copyright ownership.\n ~ The ASF licenses this file to You under the Apache License, Version 2.0\n ~ (the "License"); you may not use this file except in compliance with\n ~ the License. You may obtain a copy of the License at\n ~\n ~ http://www.apache.org/licenses/LICENSE-2.0\n ~\n ~ Unless required by applicable law or agreed to in writing, software\n ~ distributed under the License is distributed on an "AS IS" BASIS,\n ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n ~ See the License for the specific language governing permissions and\n ~ limitations under the License.\n ~\n -->' > VULNERABILITY.md
docker run --rm -v $PWD:/repo -w /repo ghcr.io/google/osv-scanner --format markdown -r . 2>&1 | grep -vE '^((Scanning|Scanned|Failed).*)$' >> VULNERABILITY.md
continue-on-error: true
- name: Create Pull Request
id: cpr
uses: peter-evans/create-pull-request@v7
with:
token: ${{ secrets.GITHUB_TOKEN }}
committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
author: ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>
signoff: true
title: Monthly update of vulnerability report
commit-message: monthly update of vulnerability report
body: |
Update *Vulnerablity* report
delete-branch: true
reviewers: "dominikriemer,tenthe,svenO3,smlabt,grainier,RobertIndie,bossenti"