[ODS-6424] Add dependencies scan action to main-5x (#189)

* Add dependencies scan action * Update actions to approved version
Ed-Fi-Alliance-OSS · Aug 1, 2024 · 0a4d94b · 0a4d94b
1 parent 74d4faf
commit 0a4d94b
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 2 deletions.
diff --git a/.github/workflows/Dependencies Security Scan.yml b/.github/workflows/Dependencies Security Scan.yml
@@ -0,0 +1,40 @@
+# SPDX-License-Identifier: Apache-2.0
+# Licensed to the Ed-Fi Alliance under one or more agreements.
+# The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
+# See the LICENSE and NOTICES files in the project root for more information.
+
+name: Dependency Review Pull request
+
+on:
+  pull_request:
+    branches: [main, main-5x]
+
+permissions: read-all
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+env:
+  HEAD_REF:  ${{ GITHUB.HEAD_REF }}
+  REF_NAME:  ${{ GITHUB.REF_NAME }}  
+  REPOSITORY_DISPATCH_BRANCH: ${{ github.event.client_payload.branch }}  
+
+jobs:
+  scan-actions:
+    name: Scan Actions
+    uses: ed-fi-alliance-oss/ed-fi-actions/.github/workflows/repository-scanner.yml@main
+
+  analyze-code:
+    name: Analyze Code Dependencies
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - name: Dependency Review ("Dependabot on PR")
+        uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce  # v4.1.3
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -9,15 +9,15 @@ jobs:
 
     steps:
       - name: Checkout Ed-Fi-ODS-Docker
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
         with:
 
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0
 
       # https://github.com/github/super-linter#how-to-use
       - name: Lint Docker Files
-        uses: github/super-linter@286abe2b0349da9c074c0fed8e8ec0a86cd13279
+        uses: github/super-linter@431ee7836e8cdce5a460b0db682d9169563d919b # v4.9.3
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DEFAULT_BRANCH: main