njsscan.yml

name: '🔎 njsscan sarif'

on: [push, pull_request]

permissions:
  contents: read

jobs:
  njsscan:
    name: '👨‍💻 njsscan code scanning'
    permissions:
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
    runs-on: ubuntu-latest

    steps:
      - name: '☁️ Checkout repository'
        uses: actions/checkout@v3

      - name: '🔎 nodejsscan scan'
        id: njsscan
        uses: ajinabraham/njsscan-action@7237412fdd36af517e2745077cedbf9d6900d711
        with:
          args: '. --sarif --output results.sarif || true'

      - name: '🔝 Upload njsscan report'
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif