From 4178605e47107d803a3a300634adbbd946cec3ec Mon Sep 17 00:00:00 2001 From: Murilo Dal Ri Date: Fri, 24 Nov 2023 14:07:29 +0000 Subject: [PATCH] Add CodeQL (SAST) scan and Dependency Review (SCA) scan to CI pipeline https://trello.com/c/gbGaKLLu/3352-add-sca-and-sast-scans-to-all-govuk-repos-2 --- .github/workflows/ci.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9c6142d71..79991062e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,6 +11,16 @@ on: pull_request: jobs: + codeql-sast: + name: CodeQL SAST scan + uses: alphagov/govuk-infrastructure/.github/workflows/codeql-analysis.yml@main + permissions: + security-events: write + + dependency-review: + name: Dependency Review scan + uses: alphagov/govuk-infrastructure/.github/workflows/dependency-review.yml@main + security-analysis: name: Security Analysis uses: alphagov/govuk-infrastructure/.github/workflows/brakeman.yml@main