From ffea20a261554bda6fa62e5416ad68e5b3ace988 Mon Sep 17 00:00:00 2001
From: Kaili Wang
Date: Mon, 5 Aug 2024 17:34:28 -0400
Subject: [PATCH 1/2] Add scan, sbom workflow and Security.md (#12)
---
 .github/workflows/ci.yml | 18 ++++++++++++++++++
 SECURITY.md | 3 +++
 2 files changed, 21 insertions(+)
 create mode 100644 .github/workflows/ci.yml
 create mode 100644 SECURITY.md
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..fb02894
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,18 @@
+name: Scan
+
+on:
+ push:
+ branches: [master]
+ pull_request:
+ branches: [master]
+
+jobs:
+ scan:
+ needs: install
+ if: github.event_name == 'pull_request'
+ uses: circlefin/circle-public-github-workflows/.github/workflows/pr-scan.yaml@v1
+
+ release-sbom:
+ needs: install
+ if: github.event_name == 'push'
+ uses: circlefin/circle-public-github-workflows/.github/workflows/attach-release-assets.yaml@v1
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..ecda258
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,3 @@
+# Security Policy
+
+This sample app is provided as is, with no guarantees, to be used at your own risk as described in the MIT license.
From 18db945a89d2d16efb7fb103df312b749ed30e76 Mon Sep 17 00:00:00 2001
From: Kaili Wang
Date: Mon, 5 Aug 2024 17:50:49 -0400
Subject: [PATCH 2/2] Workflow (#14)
---
 .github/workflows/ci.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fb02894..1e5417e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -8,11 +8,9 @@ on:

 jobs:
 scan:
- needs: install
 if: github.event_name == 'pull_request'
 uses: circlefin/circle-public-github-workflows/.github/workflows/pr-scan.yaml@v1

 release-sbom:
- needs: install
 if: github.event_name == 'push'
 uses: circlefin/circle-public-github-workflows/.github/workflows/attach-release-assets.yaml@v1
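Review bot: Both `uses:` lines in the new ci.yml reference the reusable workflows by the mutable tag `@v1`, so whatever commit that tag points to in circlefin/circle-public-github-workflows runs with this repository's token on every pull request and push to master. Pinning each to a full commit SHA, e.g. `uses: circlefin/circle-public-github-workflows/.github/workflows/pr-scan.yaml@<full-commit-sha> # v1`, keeps the executed code fixed until someone reviews a bump. Neither `scan` nor `release-sbom` sets `permissions:`, so the called workflows receive the repository's default GITHUB_TOKEN scope. A caller-side block caps what a reusable workflow can obtain, so I would add `permissions:` with `contents: read` under `scan` and grant `release-sbom` only what attaching assets requires (presumably `contents: write`; confirm against the called workflow). The same two `uses:` lines remain as unchanged context in the PATCH 2/2 hunk.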