Skip to content

Fix OSSAR workflow: restore valid YAML, add MSDO integration, drop pull_request trigger #82

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
JMG3000 merged 2 commits into from
Mar 26, 2026
+27 −9
Merged

Fix OSSAR workflow: restore valid YAML, add MSDO integration, drop pull_request trigger #82

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
289973c
Initial plan
Copilot Mar 26, 2026
fd09b44
Fix OSSAR workflow: add MSDO step, fix YAML structure, remove pull_re…
Copilot Mar 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 27 additions & 9 deletions .github/workflows/ossar.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,19 +11,24 @@ name: OSSAR
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
schedule:
- cron: '43 21 * * 3'

permissions:
contents: read
security-events: write

jobs:
OSSAR-Scan:
runs-on: windows-latest

env:
# Opt-in early to Node.js 24 for all JavaScript-based actions
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

env:
# Opt-in early to Node.js 24 for all JavaScript-based actions
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.7

# Ensure a compatible version of dotnet is installed.
# The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
Expand All @@ -35,13 +40,26 @@ env:
# with:
# dotnet-version: '3.1.x'

# Run Microsoft Security DevOps CLI
- name: Run Microsoft Security DevOps
uses: microsoft/security-devops-action@08976cb623803b1b36d7112d4ff9f59eae704de0 # v1.12.0
id: msdo
continue-on-error: true

# Run open source static analysis tools
- name: Run OSSAR
uses: github/ossar-action@v1
uses: github/ossar-action@b0197a0864d7095a2c2bb7d1cf8e17826dfec353 # v1
id: ossar

# Upload results to the Security tab
# Upload MSDO results to the Security tab
- name: Upload MSDO results
uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3
with:
sarif_file: ${{ steps.msdo.outputs.sarifFile }}
if: steps.msdo.outputs.sarifFile

# Upload OSSAR results to the Security tab
- name: Upload OSSAR results
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3
with:
sarif_file: ${{ steps.ossar.outputs.sarifFile }}
Loading