summaryrefslogtreecommitdiffhomepage
path: root/.github/workflows/osv-scanner-scheduled.yml
AgeCommit message (Collapse)AuthorFilesLines
2025-03-28Stop checking out submodules when running scheduled osv-scanner CILinus Färnstrand1-1/+1
2025-03-11Fix bug in nightly osv-scanner CI jobLinus Färnstrand1-1/+1
When we patched the CI job to allow checking out git submodules, I accidentally copy-pasted the wrong workflow yaml file. This made the nightly scheduled scan use the PR workflow. This workflow does not work in this setting, and it always just reported green status Moving back to consuming the workflow from google instead of our fork again, since the PR with the needed changes have been merged upstream
2025-02-07Check out submodules in osv-scanner workflowLinus Färnstrand1-1/+3
2024-10-24Upgrade osv-scanner to 1.9.0Linus Färnstrand1-1/+1
Contains, among other things, stricter validation of osv-scanner.toml config files. Ignores invalid config files, making their ignores not ignored
2024-09-17Disable the *scheduled* OSV scanner run on pushesLinus Färnstrand1-2/+0
This job should only run on a daily schedule. There is a separate workflow for running on PRs. The reason for disabling it is that it currently runs on every merge, but even if it fails, the PR owner is not notified.
2024-08-29Move osv-scanner CI permissions down to jobLinus Färnstrand1-6/+8
OpenSSF scorecard gives a warning if the security-events permission is set to write on the top level, therefore moving it to the job level.
2024-07-09Update osv-scanner schedule to run every weekday morningLinus Färnstrand1-1/+1
2024-07-09Add osv-scanner CI jobLinus Färnstrand1-0/+21
Based off of googles example workflow
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.