fix: gosec SAST scan ci job

* fix: gosec SAST scan ci job * feat: upload gosec report to github security page Signed-off-by: lvlcn-t <[email protected]>
caas-team · Nov 16, 2024 · f26de9e · f26de9e
1 parent 5e95658
commit f26de9e
Showing 1 changed file with 10 additions and 6 deletions.
diff --git a/.github/workflows/test_sast.yml b/.github/workflows/test_sast.yml
@@ -2,22 +2,26 @@ name: Test - SAST
 
 on:
   push:
+  schedule:
+    # Schedule the workflow to run at 00:00 on Sunday UTC time.
+    - cron: "0 0 * * 0"
 
 permissions:
   contents: read
 
 jobs:
   tests:
     runs-on: ubuntu-latest
-
     env:
       GO111MODULE: on
-
+      GOFLAGS: "-buildvcs=false"
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
+      - uses: actions/checkout@v4
       - name: Run Gosec Security Scanner
         uses: securego/gosec@master
         with:
-          args: ./...
+          args: "-no-fail -fmt sarif -out results.sarif ./..."
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif