name: flawfinder on: push: branches: [ main ] pull_request: branches: [ main ] jobs: flawfinder: name: Flawfinder Checks runs-on: ubuntu-latest permissions: actions: read contents: read security-events: write steps: - name: Checkout code uses: actions/checkout@v3 - name: Scan with Flawfinder uses: david-a-wheeler/flawfinder@8e4a779ad59dbfaee5da586aa9210853b701959c with: arguments: '--sarif ./' output: 'flawfinder_results.sarif' - name: Upload analysis results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ${{github.workspace}}/flawfinder_results.sarif