mirror of
https://github.com/kemko/nomad.git
synced 2026-01-04 17:35:43 +03:00
52f0b40f4c
Resolve scan job runner Resolve linting alerts adding EOF on files adding EOF on gitignore too add hclfmt and bump action versions update scan.hcl comments Co-authored-by: Tim Gross <tgross@hashicorp.com> fix typo move scan.hcl file and paths-ignore for scans change action runner use org secret to checkout typo change runner use hashicorp/setup-golang@v3 Co-authored-by: Tim Gross <tgross@hashicorp.com> pin the github action sha
56 lines
1.4 KiB
HCL
56 lines
1.4 KiB
HCL
# Copyright (c) HashiCorp, Inc.
|
|
# SPDX-License-Identifier: BUSL-1.1
|
|
|
|
# Configuration for security scanner.
|
|
# Run on PRs and pushes to `main` and `release/**` branches.
|
|
# See .github/workflows/security-scan.yml for CI config.
|
|
|
|
# To run manually, install scanner and then run `scan repository .`
|
|
|
|
# Scan results are triaged via the GitHub Security tab for this repo.
|
|
# See `security-scanner` docs for more information on how to add `triage` config
|
|
# for specific results or to exclude paths.
|
|
|
|
# This file controls scanning the repository only, not release artifacts. See
|
|
# .release/security-scan.hcl for the scanner config for release artifacts, which
|
|
# will block releases.
|
|
|
|
repository {
|
|
go_modules = true
|
|
npm = true
|
|
osv = true
|
|
go_stdlib_version_file = ".go-version"
|
|
|
|
secrets {
|
|
all = true
|
|
skip_path_strings = ["/website/content/"]
|
|
}
|
|
|
|
github_actions {
|
|
pinned_hashes = true
|
|
}
|
|
|
|
dependabot {
|
|
required = true
|
|
check_config = true
|
|
}
|
|
|
|
dockerfile {
|
|
pinned_hashes = true
|
|
curl_bash = true
|
|
}
|
|
|
|
# Triage items that are _safe_ to ignore here. Note that this list should be
|
|
# periodically cleaned up to remove items that are no longer found by the scanner.
|
|
triage {
|
|
suppress {
|
|
paths = [
|
|
"ui/tests/*",
|
|
"internal/testing/*",
|
|
"testutil/*",
|
|
"website/content/*",
|
|
]
|
|
}
|
|
}
|
|
}
|