diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index dc90d28..0000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: CodeQL - -on: - push: - branches: ["master", "main"] - pull_request: - branches: ["master", "main"] - schedule: - - cron: "31 2 * * 1" - -permissions: - actions: read - contents: read - security-events: write - -jobs: - analyze: - if: ${{ github.event.repository.private == false }} - name: Analyze (${{ matrix.language }}) - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - language: ["actions"] - - steps: - - name: Harden runner - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e - with: - egress-policy: audit - - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - - - name: Initialize CodeQL - uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 - with: - languages: ${{ matrix.language }} - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 - with: - category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml deleted file mode 100644 index d26dd26..0000000 --- a/.github/workflows/dependency-review.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Dependency Review - -on: - pull_request: - -permissions: - contents: read - -jobs: - dependency-review: - if: ${{ github.event.repository.private == false }} - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - - steps: - - name: Harden runner - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e - with: - egress-policy: audit - - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - - - name: Dependency Review - uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 - with: - fail-on-severity: high - deny-licenses: GPL-2.0,GPL-3.0,AGPL-3.0,LGPL-2.1,LGPL-3.0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml deleted file mode 100644 index ed6203f..0000000 --- a/.github/workflows/scorecard.yml +++ /dev/null @@ -1,47 +0,0 @@ -name: Scorecard supply-chain security - -on: - branch_protection_rule: - push: - branches: ["master", "main"] - schedule: - - cron: "27 3 * * 1" - -permissions: - actions: read - contents: read - security-events: write - -jobs: - analysis: - if: ${{ github.event.repository.private == false }} - name: Scorecard analysis - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - id-token: write - security-events: write - - steps: - - name: Harden runner - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e - with: - egress-policy: audit - - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - with: - persist-credentials: false - - - name: Run analysis - uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a - with: - results_file: results.sarif - results_format: sarif - publish_results: true - - - name: Upload SARIF to code scanning - uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 - with: - sarif_file: results.sarif