NTab仓库
fjmwkj
/
searxng
mirror of https://github.com/searxng/searxng
1
0
Fork 0
Files Issues 0 Wiki
Tree: 14b8a999f3
Branches Tags
searxng
/
.github
/
workflows
/
security.yml

security.yml 986 B
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344 
  1. ---
    2. 

  2. name: Security
    3. 

  3. 

  4. # yamllint disable-line rule:truthy
    5. 

  5. on:
    6. 

  6.   workflow_dispatch:
    7. 

  7.   schedule:
    8. 

  8.     - cron: "42 05 * * *"
    9. 

  9. 

  10. concurrency:
    11. 

  11.   group: ${{ github.workflow }}
    12. 

  12.   cancel-in-progress: false
    13. 

  13. 

  14. permissions:
    15. 

  15.   contents: read
    16. 

  16. 

  17. jobs:
    18. 

  18.   container:
    19. 

  19.     if: github.repository_owner == 'searxng'
    20. 

  20.     name: Container
    21. 

  21.     runs-on: ubuntu-24.04-arm
    22. 

  22.     permissions:
    23. 

  23.       security-events: write
    24. 

  24. 

  25.     steps:
    26. 

  26.       - name: Checkout
    27. 

  27.         uses: actions/checkout@v4
    28. 

  28.         with:
    29. 

  29.           persist-credentials: "false"
    30. 

  30. 

  31.       - name: Run Trivy scanner
    32. 

  32.         uses: aquasecurity/trivy-action@0.30.0
    33. 

  33.         with:
    34. 

  34.           image-ref: "ghcr.io/searxng/searxng:latest"
    35. 

  35.           vuln-type: "os,library"
    36. 

  36.           severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
    37. 

  37.           ignore-unfixed: "false"
    38. 

  38.           format: "sarif"
    39. 

  39.           output: "./trivy-results.sarif"
    40. 

  40. 

  41.       - name: Upload SARIFs
    42. 

  42.         uses: github/codeql-action/upload-sarif@v3
    43. 

  43.         with:
    44. 

  44.           sarif_file: "./trivy-results.sarif"
    45.
© 2025 NTab仓库
Page: 41ms Template: 0ms 微信 微信二维码 哔哩哔哩 Sina Weibo Javascript Licenses Website