Skip to content

Ghaf Vulnerability Scan #66

Ghaf Vulnerability Scan

Ghaf Vulnerability Scan #66

# SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII)
#
# SPDX-License-Identifier: Apache-2.0
name: Ghaf Vulnerability Scan
on:
pull_request:
branches:
- main
schedule:
- cron: "0 2 * * *"
workflow_dispatch:
jobs:
scheduled:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22
with:
nix_path: nixpkgs=channel:nixpkgs-unstable
- name: Ghaf Vulnerability Scan (main)
run: nix run .#ghafscan -- --verbose=2 --whitelist=manual_analysis.csv --outdir=reports/main --flakeref=github:tiiuae/ghaf?ref=main --target=packages.x86_64-linux.generic-x86_64-release --target=packages.riscv64-linux.microchip-icicle-kit-release
- name: Ghaf Vulnerability Scan (ghaf-23.06)
run: nix run .#ghafscan -- --verbose=2 --whitelist=manual_analysis.csv --outdir=reports/ghaf-23.06 --flakeref=github:tiiuae/ghaf?ref=ghaf-23.06 --target=packages.x86_64-linux.generic-x86_64-release
- uses: stefanzweifel/git-auto-commit-action@v4
with:
commit_message: Automatic vulnerability report update