ci: add vulnerability scanner to PR workflows

SpecterOps · Aug 14, 2024 · 5db1360 · 5db1360
1 parent 5adf7e7
commit 5db1360
Showing 1 changed file with 40 additions and 0 deletions.
diff --git a/.github/workflows/vuln-scan.yml b/.github/workflows/vuln-scan.yml
@@ -0,0 +1,40 @@
+# Copyright 2024 Specter Ops, Inc.
+#
+# Licensed under the Apache License, Version 2.0
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Vulnerability Scan
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  run-analysis:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout source code for this repository
+        uses: actions/checkout@v3
+
+      - name: Run vulnerability scanner
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: 'repo'
+          scan-ref: './'
+          severity: 'CRITICAL,HIGH'
+          exit-code: '1'
+