feat: add archived repository scanner test workflow #4100

Open
wants to merge 2 commits into
base: main
jacoblerner-czi
Contributor

  • Add workflow to test the archived repository scanner action
  • References the feat/archived-repo-scanner branch from github-actions repo
  • Runs on pull requests for immediate feedback
  • Generates SARIF reports and uploads to Security tab
  • Comments on PRs with scan results
  • Tests for archived GitHub repository dependencies

@jacoblerner-czi jacoblerner-czi requested a review from a team as a code owner July 29, 2025 19:40
@jacoblerner-czi jacoblerner-czi requested review from akgcz and removed request for a team July 29, 2025 19:40

No Jira issue reference found in branch, title, or body of PR.

Please add a reference to a Jira issue in the form of CCIE-#### (eg: CCIE-1400) to the branch name, title, or body of your PR.

- Remove incorrect backslash escaping from template literals
- Fix syntax errors that were causing the github-script action to fail
- Use proper template literal syntax for dynamic content
- Should now properly display scan results in PR comments

🔍 Archived Repository Scanner Test Results ⚠️

Found archived repository dependencies!

  • Total GitHub repositories found:
  • Archived repositories found:

Please review the Security tab for detailed findings.

Why this matters:

Archived repositories are read-only and no longer receive updates, which may pose security and maintenance risks.

Recommended actions:

  1. Find alternatives: Look for actively maintained forks or alternative libraries
  2. Fork if necessary: If no alternatives exist, consider forking the repository
  3. Update dependencies: Remove or replace the dependency if possible
  4. Monitor security: Be aware that archived repositories won't receive security updates

This is a test run of the new archived repository scanner action from chanzuckerberg/github-actions.
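An added example, not the action's own code (its implementation is not shown on this page): one way a scanner of this kind could turn dependency references into SARIF results and the counts used in the PR comment, written in JavaScript as used by github-script with unescaped template literals. The sample manifest, the `SAMPLE_ARCHIVED` map standing in for the GitHub API's `archived` repository field, the rule and tool names, and the extra "unknown status" count are all assumptions.

```javascript
// Added example: all names and sample data below are constructed.
const SAMPLE_MANIFEST = `
module example.com/app
require (
    github.com/example-org/live-lib v1.2.0
    github.com/example-org/old-lib v0.9.1
    github.com/Example-Org/old-lib/v2 v2.0.0
    golang.org/x/text v0.14.0
)`;
// Stand-in for the `archived` field the GitHub REST API returns per repository.
const SAMPLE_ARCHIVED = { 'example-org/live-lib': false, 'example-org/old-lib': true };

// Map each unique owner/repo slug (lowercased) to the first line it appears on.
function findGitHubRepos(text) {
  const seen = new Map();
  text.split('\n').forEach((line, i) => {
    const re = /github\.com\/([A-Za-z0-9-]+)\/([A-Za-z0-9._-]+)/g;
    for (const m of line.matchAll(re)) {
      const slug = `${m[1]}/${m[2].replace(/\.git$/, '')}`.toLowerCase();
      if (!seen.has(slug)) seen.set(slug, i + 1);
    }
  });
  return seen;
}

// Build a SARIF 2.1.0 log plus the comment lines from one manifest.
function scan(text, manifestPath, archivedLookup) {
  const repos = findGitHubRepos(text);
  const results = [];
  let unknown = 0;
  for (const [slug, line] of repos) {
    const archived = archivedLookup[slug];
    // A failed or missing lookup is counted, not treated as "not archived".
    if (archived === undefined) { unknown++; continue; }
    if (!archived) continue;
    results.push({
      ruleId: 'archived-repository', level: 'warning',
      message: { text: `Dependency ${slug} is archived and no longer receives updates.` },
      locations: [{ physicalLocation: {
        artifactLocation: { uri: manifestPath }, region: { startLine: line } } }],
    });
  }
  const sarif = { version: '2.1.0', $schema: 'https://json.schemastore.org/sarif-2.1.0.json',
    runs: [{ tool: { driver: { name: 'archived-repo-scanner-example',
      rules: [{ id: 'archived-repository' }] } }, results }] };
  const comment = [`- Total GitHub repositories found: ${repos.size}`,
    `- Archived repositories found: ${results.length}`,
    `- Repositories with unknown status: ${unknown}`].join('\n');
  return { sarif, comment, total: repos.size, archived: results.length, unknown };
}
```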
