Supply Chain Security Validation

The workflow executes supply chain security tools and reports the results.

Usage

Run the workflow on pull requests, pushes to any branch and on a weekly schedule on the default branch.

---
name: Security
on:
  push: {}
  pull_request: {}
  schedule:
    - cron: '0 0 * * 1'
jobs:
  supply-chain-security-validation:
    name: Supply Chain
    uses: coopnorge/github-workflow-supply-chain-security-validation/.github/workflows/supply-chain-security-validation.yaml@main

Maven

If you add a secret called MAVEN_SETTINGS_BASE64 and fill it with a base64 encoded maven settings.xml it will write the maven settings to ~/.m2/settings.xml

Parameters

`codeql-code-scanning-config-file`

CodeQL configuration file

Name		Name	Last commit message	Last commit date
Latest commit History 115 Commits
.github		.github
.pallet		.pallet
CODEOWNERS		CODEOWNERS
LICENSE		LICENSE
README.md		README.md
catalog-info.yaml		catalog-info.yaml
test.js		test.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Supply Chain Security Validation

Usage

Maven

Parameters

`codeql-code-scanning-config-file`

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 11

Uh oh!

Languages

License

coopnorge/github-workflow-supply-chain-security-validation

Folders and files

Latest commit

History

Repository files navigation

Supply Chain Security Validation

Usage

Maven

Parameters

codeql-code-scanning-config-file

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 11

Uh oh!

Languages

`codeql-code-scanning-config-file`

Packages