Skip to content
Back to pull request #1832

docs: Integration guide and examples for Istio service mesh #2622

Sign in to view logs

docs: Integration guide and examples for Istio service mesh

docs: Integration guide and examples for Istio service mesh #2622

Workflow file for this run

.github/workflows/security.yaml at b94b9b3
name: "Security Scan"
env:
GO_VERSION: "1.23.2"
on:
push:
branches:
- main
pull_request:
branches:
- main
schedule:
- cron: '34 0 * * 6'
permissions: read-all
jobs:
trivy-scan:
runs-on: ubuntu-24.04
permissions:
security-events: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@fc1500abdcdc9fc681e98d8912a52fa70dbc67de # master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'
skip-dirs: 'docs/content/docs,docs/build'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
with:
sarif_file: 'trivy-results.sarif'
codeql-scan:
runs-on: ubuntu-24.04
permissions:
security-events: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
- name: Set up Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: "${{ env.GO_VERSION }}"
- name: Initialize CodeQL
uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
with:
languages: go
queries: security-and-quality
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
with:
category: "/language:go"