Dogfood latest osv-scanner version (#2370)

google · Jul 4, 2024 · 7c66e2d · 7c66e2d
1 parent 6084fc7
commit 7c66e2d
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/.github/workflows/osv-scanner-unified.yml b/.github/workflows/osv-scanner-unified.yml
@@ -20,11 +20,13 @@ on:
   merge_group:
     branches: ["master"]
   schedule:
-    - cron: "12 12 * * 1"
+  - cron: "12 12 * * 1"
   push:
     branches: ["master"]
 
 permissions:
+  # Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117
+  actions: read
   # Require writing security events to upload SARIF file to security tab
   security-events: write
   # Read commit contents
@@ -33,7 +35,9 @@ permissions:
 jobs:
   scan-scheduled:
     if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@staging"
+    # If you want to copy this config, highly suggest pinning this version to a release rather than tracking the main branch
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@main"
   scan-pr:
     if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@staging"
+    # If you want to copy this config, highly suggest pinning this version to a release rather than tracking the main branch
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@main"