Skip to content

Update package.json

Update package.json #6

Workflow file for this run

name: scanners
on:
pull_request:
branches: ["*"]
permissions:
contents: read
pull-requests: write
security-events: write
jobs:
guarddog:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: Scan dependencies
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Install GuardDog
run: pip install guarddog
- run: guarddog pypi verify requirements.txt --output-format sarif --exclude-rules repository_integrity_mismatch > guarddog.sarif
- name: Upload SARIF file to GitHub
uses: github/codeql-action/upload-sarif@v2
with:
category: guarddog-builtin
sarif_file: guarddog.sarif
scan-pr:
uses: "google/osv-scanner/.github/workflows/osv-scanner-reusable-pr.yml@main"