updated ossar scan

Author: codebytes

.github/workflows/ossar-analysis.yml

@@ -1,24 +1,43 @@
-# This workflow integrates a collection of open source static analysis tools
-# with GitHub code scanning. For documentation, or to provide feedback, visit
-# https://github.com/github/ossar-action
-name: OSSAR
+# sample-workflow-ubuntu-latest
+# docs are in the repo
 
+name: OSSAR ubuntu-latest
 on:
   push:
-  pull_request:
+    branches:
+      - main
+      - v1
 
 jobs:
-  OSSAR-Scan:
+  sample:
+    name: Open Source Static Analysis Runner
+
     # OSSAR runs on windows-latest.
-    # ubuntu-latest and macos-latest support coming soon
-    runs-on: windows-latest
-
-steps:
-- uses: actions/checkout@v2
-- name: Run OSSAR
-  uses: github/ossar-action@v1
-  id: ossar
-- name: Upload results to Security tab
-  uses: github/codeql-action/upload-sarif@v1
-  with:
-    sarif_file: ${{ steps.ossar.outputs.sarifFile }}
+    # ubuntu-latest and macos-latest supporting coming soon
+    runs-on: ubuntu-latest
+
+    steps:
+
+      # Checkout your code repository to scan
+    - uses: actions/checkout@v2
+
+    # Ensure a compatible version of dotnet is installed.
+    # The [Microsoft Security DevOps CLI](https://aka.ms/msdo-nuget) is built with net6.0
+    # A version greater than or equal to net6.0 of dotnet must be installed on the agent in order to run this action.
+    # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
+    
+    # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
+    # - uses: actions/setup-dotnet@v1
+    #   with:
+    #     dotnet-version: '6.0.x'
+
+      # Run open source static analysis tools
+    - name: Run OSSAR
+      uses: github/ossar-action@v1
+      id: ossar
+
+      # Upload results to the Security tab
+    - name: Upload results to Security tab
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: ${{ steps.ossar.outputs.sarifFile }}