From 289973c40d3881271bdaf027fca443965d02ff89 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 26 Mar 2026 01:08:16 +0000 Subject: [PATCH 1/2] Initial plan From fd09b44fc82b898eeacc8593a57cf89ab3c66b12 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 26 Mar 2026 01:11:26 +0000 Subject: [PATCH 2/2] Fix OSSAR workflow: add MSDO step, fix YAML structure, remove pull_request trigger Co-authored-by: JMG3000 <105582814+JMG3000@users.noreply.github.com> Agent-Logs-Url: https://github.com/codingUnited/MokseWebsite/sessions/21d1b28d-71d5-4b71-8986-fc3007c9aaff --- .github/workflows/ossar.yml | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ossar.yml b/.github/workflows/ossar.yml index eaec159..cffe3c9 100644 --- a/.github/workflows/ossar.yml +++ b/.github/workflows/ossar.yml @@ -11,19 +11,24 @@ name: OSSAR on: push: branches: [ "master" ] - pull_request: - branches: [ "master" ] schedule: - cron: '43 21 * * 3' permissions: contents: read + security-events: write + +jobs: + OSSAR-Scan: + runs-on: windows-latest + + env: + # Opt-in early to Node.js 24 for all JavaScript-based actions + FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true -env: - # Opt-in early to Node.js 24 for all JavaScript-based actions - FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true + steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.7 # Ensure a compatible version of dotnet is installed. # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. 
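Review bot: The SHA pins added here and in the second hunk (the `actions/checkout` pin labelled `# v4.1.7`, plus the `security-devops-action`, `ossar-action` and `upload-sarif` pins) carry version comments that nothing in this diff verifies, and they were written by an automated agent. Before merging, resolve each tag in its upstream repository (for example with `git ls-remote --tags`) and confirm that it matches the pinned SHA and that the commit belongs to the action's own repository rather than a fork. The `# v1` and `# v3` comments name floating major tags, so replace them with the exact release each SHA corresponds to; a reviewer or update tool otherwise cannot tell which release is pinned. Separately, with `pull_request` removed from `on:`, scan findings appear only after a change reaches master or on the weekly cron.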
@@ -35,13 +40,26 @@ env: # with: # dotnet-version: '3.1.x' + # Run Microsoft Security DevOps CLI + - name: Run Microsoft Security DevOps + uses: microsoft/security-devops-action@08976cb623803b1b36d7112d4ff9f59eae704de0 # v1.12.0 + id: msdo + continue-on-error: true + # Run open source static analysis tools - name: Run OSSAR - uses: github/ossar-action@v1 + uses: github/ossar-action@b0197a0864d7095a2c2bb7d1cf8e17826dfec353 # v1 id: ossar - # Upload results to the Security tab + # Upload MSDO results to the Security tab + - name: Upload MSDO results + uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3 + with: + sarif_file: ${{ steps.msdo.outputs.sarifFile }} + if: steps.msdo.outputs.sarifFile + + # Upload OSSAR results to the Security tab - name: Upload OSSAR results - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3 with: sarif_file: ${{ steps.ossar.outputs.sarifFile }}
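Review bot: `continue-on-error: true` on the `msdo` step, combined with `if: steps.msdo.outputs.sarifFile` on its upload, lets a crashed or misconfigured MSDO run finish as a green job with nothing uploaded, so lost scan coverage would go unnoticed. Either drop `continue-on-error`, or keep it and add a final step after both uploads that surfaces the failure, e.g. `if: steps.msdo.outcome == 'failure'` with `run: exit 1`. The OSSAR upload has no matching guard, so the two scanners now fail in different ways; pick one behaviour for both and say so in the step comments. The `steps:` list these entries belong to opens in the previous hunk.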