Skip to content

feat: add OSV vulnerability scanner #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
vredchenko wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: add OSV vulnerability scanner #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions .github/workflows/osv-scanner.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
name: OSV Scanner

on:
pull_request:
branches: [main]
merge_group:
branches: [main]
push:
branches: [main]
schedule:
- cron: '0 3 * * *'
workflow_dispatch:

permissions:
actions: read
contents: read
security-events: write

jobs:
scan-pr:
if: (github.event_name == 'pull_request' && github.event.pull_request.draft == false) || github.event_name == 'merge_group'
uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.3.2

scan-scheduled:
if: github.event_name == 'schedule' || github.event_name == 'push' || github.event_name == 'workflow_dispatch'
uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.2
24 changes: 24 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
# ARIA Metadata Management Plugin Library

[![OSV Scanner](https://github.com/FragmentScreen/ddapi-record-logs/actions/workflows/osv-scanner.yml/badge.svg)](https://github.com/FragmentScreen/ddapi-record-logs/actions/workflows/osv-scanner.yml)

This is a stub plugin library for the **ARIA metadata management service**, specifically designed for handling LOGS metadata.

For more information, visit: https://gitlab.com/aria-php/data-deposition-api
Expand All @@ -8,3 +10,25 @@ For more information, visit: https://gitlab.com/aria-php/data-deposition-api

This stub plugin provides a foundation for integrating LOGS metadata handling with the ARIA metadata management system.

## Security Scanning

This repo uses [OSV Scanner](https://github.com/google/osv-scanner) for vulnerability detection.

**When it runs:**
- Daily at 03:00 UTC (full scan)
- On PRs targeting main (changed deps only)
- On push to main (full scan)

**If vulnerabilities are found:**
1. Check the [Security tab](../../security) for alerts
2. To ignore false positives, add entries to `osv-scanner.toml`:
```toml
[[IgnoredVulns]]
id = "GHSA-xxxx-xxxx-xxxx"
reason = "Justification"
```

**References:**
- [OSV Scanner docs](https://google.github.io/osv-scanner/)
- [GitHub Action](https://github.com/google/osv-scanner-action)
- [OSV Database](https://osv.dev/)
2 changes: 2 additions & 0 deletions osv-scanner.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
# OSV Scanner configuration
# https://google.github.io/osv-scanner/configuration/
Loading