Merge pull request #526 from navapbc/mqwebster/lambda-updates #734

Workflow file for this run

.github/workflows/code-scanning.yml at 039ac85

	name: "Code Scanning"

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main
	schedule:
	- cron: '35 8 * * 1-5'

	permissions:
	contents: read

	jobs:
	dependency-review:
	name: Dependency Review
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request'
	steps:
	- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	api.github.com:443
	github.com:443
	api.securityscorecards.dev
	api.deps.dev
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	show-progress: 'false'
	persist-credentials: 'false'
	- uses: actions/dependency-review-action@595b5aeba73380359d98a5e087f648dbb0edce1b # v4.7.3

	codeql:
	name: CodeQL
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write
	steps:
	- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	api.github.com:443
	github.com:443
	objects.githubusercontent.com:443
	proxy.golang.org:443
	storage.googleapis.com:443
	sum.golang.org:443
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	show-progress: 'false'
	persist-credentials: 'false'
	- name: Initialize CodeQL
	uses: github/codeql-action/init@8e0b1c74b1d5a0077b04d064c76ee714d3da7637 # v2.14.6
	with:
	languages: go
	queries: security-extended,security-and-quality
	- name: Autobuild
	uses: github/codeql-action/autobuild@8e0b1c74b1d5a0077b04d064c76ee714d3da7637 # v2.14.6
	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@8e0b1c74b1d5a0077b04d064c76ee714d3da7637 # v2.14.6
	with:
	category: "/language:go"

	gha-workflow-security:
	name: GHA Workflow Security
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request'
	permissions:
	contents: read
	steps:
	- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	api.github.com:443
	github.com:443
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	show-progress: 'false'
	persist-credentials: 'false'
	- name: Ensure GitHub action versions are pinned to SHAs
	uses: zgosalvez/github-actions-ensure-sha-pinned-actions@fc87bb5b5a97953d987372e74478de634726b3e5 # v3.0.25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #526 from navapbc/mqwebster/lambda-updates #734

Workflow file

Merge pull request #526 from navapbc/mqwebster/lambda-updates #734

Uh oh!

Workflow file for this run