.github/workflows/osv-scanner.yml - streampipes - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 name: OSV Scanner

 on:
   workflow_dispatch:
   schedule:
     - cron: "0 0 1 * *"

 jobs:
   run-osv-scanner:
     name: Run OSV Scanner
     runs-on: ubuntu-latest

     steps:
       - name: Checkout
         uses: actions/checkout@v5

       - name: Pull OSV Scanner Docker image
         run: docker pull ghcr.io/google/osv-scanner:latest

       - name: Scan for vulnerabilities
         run: |
           echo -e '<!--\n  ~ Licensed to the Apache Software Foundation (ASF) under one or more\n  ~ contributor license agreements.  See the NOTICE file distributed with\n  ~ this work for additional information regarding copyright ownership.\n  ~ The ASF licenses this file to You under the Apache License, Version 2.0\n  ~ (the "License"); you may not use this file except in compliance with\n  ~ the License.  You may obtain a copy of the License at\n  ~\n  ~    http://www.apache.org/licenses/LICENSE-2.0\n  ~\n  ~ Unless required by applicable law or agreed to in writing, software\n  ~ distributed under the License is distributed on an "AS IS" BASIS,\n  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  ~ See the License for the specific language governing permissions and\n  ~ limitations under the License.\n  ~\n  -->' > VULNERABILITY.md
           docker run --rm -v $PWD:/repo -w /repo ghcr.io/google/osv-scanner --format markdown -r . 2>&1 | grep -vE '^((Scanning|Scanned|Failed).*)$' >> VULNERABILITY.md
         continue-on-error: true

       - name: Create Pull Request
         id: cpr
         uses: peter-evans/create-pull-request@v7
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
           author: ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>
           signoff: true
           title: Monthly update of vulnerability report
           commit-message: monthly update of vulnerability report
           body: |
             Update *Vulnerablity* report
           delete-branch: true
           reviewers: "dominikriemer,tenthe,svenO3,smlabt,grainier,RobertIndie,bossenti"
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	name: OSV Scanner

	on:
	workflow_dispatch:
	schedule:
	- cron: "0 0 1 * *"

	jobs:
	run-osv-scanner:
	name: Run OSV Scanner
	runs-on: ubuntu-latest

	steps:
	- name: Checkout
	uses: actions/checkout@v5

	- name: Pull OSV Scanner Docker image
	run: docker pull ghcr.io/google/osv-scanner:latest

	- name: Scan for vulnerabilities
	run: \|
	echo -e '<!--\n ~ Licensed to the Apache Software Foundation (ASF) under one or more\n ~ contributor license agreements. See the NOTICE file distributed with\n ~ this work for additional information regarding copyright ownership.\n ~ The ASF licenses this file to You under the Apache License, Version 2.0\n ~ (the "License"); you may not use this file except in compliance with\n ~ the License. You may obtain a copy of the License at\n ~\n ~ http://www.apache.org/licenses/LICENSE-2.0\n ~\n ~ Unless required by applicable law or agreed to in writing, software\n ~ distributed under the License is distributed on an "AS IS" BASIS,\n ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n ~ See the License for the specific language governing permissions and\n ~ limitations under the License.\n ~\n -->' > VULNERABILITY.md
	docker run --rm -v $PWD:/repo -w /repo ghcr.io/google/osv-scanner --format markdown -r . 2>&1 \| grep -vE '^((Scanning\|Scanned\|Failed).*)$' >> VULNERABILITY.md
	continue-on-error: true

	- name: Create Pull Request
	id: cpr
	uses: peter-evans/create-pull-request@v7
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
	author: ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>
	signoff: true
	title: Monthly update of vulnerability report
	commit-message: monthly update of vulnerability report
	body: \|
	Update Vulnerablity report
	delete-branch: true
	reviewers: "dominikriemer,tenthe,svenO3,smlabt,grainier,RobertIndie,bossenti"