diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml index e43942d85c7..90dfcbfa9e6 100644 --- a/.github/workflows/osv-scanner.yml +++ b/.github/workflows/osv-scanner.yml @@ -19,27 +19,34 @@ permissions: jobs: scan-scheduled: if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@19ec1116569a47416e11a45848722b1af31a857b" # v1.9.0 + runs-on: ubuntu-latest + steps: + - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@19ec1116569a47416e11a45848722b1af31a857b" # v1.9.0 + with: + scan-args: |- + --skip-git + --recursive + ./ permissions: actions: read contents: read # Require writing security events to upload SARIF file to security tab security-events: write - with: - scan-args: |- - --skip-git - --recursive - ./ scan-pr: if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@19ec1116569a47416e11a45848722b1af31a857b" # v1.9.0 + runs-on: ubuntu-latest + steps: + - uses: actions/setup-go@v5 + with: + go-version: '1.23.4' # The Go version to download (if necessary) and use. + - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@19ec1116569a47416e11a45848722b1af31a857b" # v1.9.0 + with: + scan-args: |- + --skip-git + --recursive + ./ permissions: actions: read contents: read security-events: write - with: - scan-args: |- - --skip-git - --recursive - ./