Skip to content
This repository has been archived by the owner on Feb 26, 2024. It is now read-only.

Adding ProdSec consolidated workflow files #1

Adding ProdSec consolidated workflow files

Adding ProdSec consolidated workflow files #1

# Product Security tooling
# Runs Manifest SBOM generation and Dependency Check Scanning
---
name: Product Security Tooling
'on':
pull_request:
release:
types:
- created
jobs:
sbom_generator:
if: github.event_name == 'release'
uses: HealthByRo/ro-github-actions/.github/workflows/manifest_sbom.yml@main

Check failure on line 15 in .github/workflows/Prodsec_Workflow.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/Prodsec_Workflow.yml

Invalid workflow file

error parsing called workflow ".github/workflows/Prodsec_Workflow.yml" -> "HealthByRo/ro-github-actions/.github/workflows/manifest_sbom.yml@main" : workflow was not found. See https://docs.github.com/actions/learn-github-actions/reusing-workflows#access-to-reusable-workflows for more information.
with:
languages: '["TypeScript", "Python", "CSS", "JavaScript"]'
secrets:
ssh_key: ${{ secrets.SSH_RO_CI_DEPLOY }}
manifest_key: ${{ secrets.MANIFEST_SBOM }}
dependency-check:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Dependency Check
uses: actions/dependency-review-action@v3
with:
fail-on-severity: critical
license-check: false