
Commit 18c46d1

committed
Run OSV-Scanner as direct action
1 parent 18562f2 commit 18c46d1


3 files changed

+33
-12
lines changed


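--- a/.github/workflows/osv-scanner.yaml
+++ b/.github/workflows/osv-scanner.yaml
@@ -20,10 +20,31 @@ concurrency:
 jobs:
   scan-vulnerable-lockfile:
     name: Scan vulnerable lockfile with OSV-Scanner
-    uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.0
-    with:
-      scan-args: |-
-        --lockfile=./fixtures/vulnerable/package-lock.json
-      results-file-name: osv-results-vuln.sarif
-      upload-sarif: true
-      fail-on-vuln: false
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Run OSV-Scanner
+        id: osv
+        continue-on-error: true
+        uses: google/osv-scanner-action/osv-scanner-action@v2.3.1
+        with:
+          scan-args: |-
+            --lockfile=./fixtures/vulnerable/package-lock.json
+            --format=sarif
+            --output=./osv-results-vuln.sarif
+
+      - name: Upload SARIF to GitHub Security
+        if: always()
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: ./osv-results-vuln.sarif
+
+      - name: Upload SARIF artifact
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: osv-results-vuln-sarif
+          path: ./osv-results-vuln.sarif
+          if-no-files-found: error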
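Review bot: `continue-on-error: true` on the Run OSV-Scanner step hides every failure of the scanner, not only the findings expected from the vulnerable fixture — a crash, an unreadable lockfile or an OSV API outage would still leave the job green, whereas the removed `fail-on-vuln: false` input only suppressed the findings result, and `if-no-files-found: error` on the artifact step catches a missing report but not a scanner that failed after writing an empty one. OSV-Scanner signals findings and tool errors with different exit codes (1 for findings, higher values for errors, per its documentation — confirm against v2.3.1), so consider running the scanner in a `run:` step that tolerates only exit code 1, or at least put the otherwise-unused `id: osv` to work in a final step `if: steps.osv.outcome == 'failure'` that verifies the SARIF contains a `runs` entry before the job passes. Separately, all four actions are referenced by mutable tags (`actions/checkout@v5`, `google/osv-scanner-action/osv-scanner-action@v2.3.1`, `github/codeql-action/upload-sarif@v4`, `actions/upload-artifact@v4`); for a security workflow pin each to a full commit SHA with the version in a trailing comment so a moved tag cannot change what runs. The job's `permissions:` block is outside this hunk — `upload-sarif` needs `security-events: write`, so confirm it is granted explicitly at job level rather than inherited from a broadly scoped default token.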

fixtures/vulnerable/package-lock.json

Lines changed: 4 additions & 4 deletions

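--- a/fixtures/vulnerable/package.json
+++ b/fixtures/vulnerable/package.json
@@ -11,6 +11,6 @@
   "license": "ISC",
   "type": "commonjs",
   "dependencies": {
-    "minimist": "^1.2.6"
+    "minimist": "0.0.8"
   }
 }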
