Supply Chain Security Validation

The workflow executes supply chain security tools and reports the results.

Usage

Run the workflow on pull requests, pushes to any branch and on a weekly schedule on the default branch.

---
name: Security
on:
  push: {}
  pull_request: {}
  schedule:
    - cron: '0 0 * * 1'
jobs:
  supply-chain-security-validation:
    name: Supply Chain
    uses: coopnorge/github-workflow-supply-chain-security-validation/.github/workflows/supply-chain-security-validation.yaml@main

Maven

If you add a secret called MAVEN_SETTINGS_BASE64 that contains a base64-encoded Maven settings.xml, the workflow writes the Maven settings to ~/.m2/settings.xml.

Parameters

codeql-code-scanning-config-file

CodeQL configuration file