chore(deps): update uv.lock dependencies #733
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Run ASH | |
| on: | |
| pull_request: | |
| branches: | |
| - "*" | |
| merge_group: | |
| workflow_dispatch: {} | |
| env: | |
| PYTHON_VERSION: "3.12" | |
| permissions: | |
| contents: read | |
| jobs: | |
| ash: | |
| # uses: awslabs/automated-security-helper/.github/workflows/run-ash-security-scan.yml@v3.0.0-beta | |
| uses: ./.github/workflows/run-ash-security-scan.yml | |
| permissions: | |
| contents: read # Required to read the repository contents in order to scan them with ASH | |
| checks: write # Required for writing CI check runs | |
| pull-requests: write # Required for writing comments with scan results to pull requests | |
| security-events: write # Required for collection of SARIF code scanning results for GitHub Advanced Security checks | |
| with: | |
| # For PR runs, install ASH from the PR's head repo and branch so fork PRs work. | |
| # For non-PR runs (workflow_dispatch, push), use the current repo and ref. | |
| ash-version: ${{ github.head_ref || github.ref_name }} | |
| ash-repo: ${{ github.event.pull_request.head.repo.full_name || github.repository }} | |
| # This repo uses GitHub Advanced Security. If you do not use GitHub Advanced Security, | |
| # it is recommended to set this to `false` to prevent failures during SARIF report | |
| # collection. | |
| collect-sarif-report: true | |
| # Set this to `false` if you would prefer that ASH does not comment on PRs with the findings. | |
| post-pr-comment: true | |
| # Set this to `false` if you prefer less verbose log output | |
| verbose: true | |
| # Install Grype and Syft for comprehensive vulnerability scanning | |
| install-grype: true | |
| install-syft: true | |
| install-opengrep: true |