Denis Pisarev
2 weeks ago
committed by
GitHub
GitHub
1 changed files with 41 additions and 0 deletions
@ -0,0 +1,41 @@ |
|||||
|
name: Scheduled Advisory Scan |
||||
|
permissions: {} |
||||
|
|
||||
|
concurrency: |
||||
|
group: ${{ github.workflow }} |
||||
|
cancel-in-progress: false |
||||
|
|
||||
|
on: |
||||
|
schedule: |
||||
|
# Daily at 11:17 UTC — offset from Trivy (11:08) to spread advisory DB load. |
||||
|
- cron: '17 11 * * *' |
||||
|
|
||||
|
workflow_dispatch: |
||||
|
|
||||
|
defaults: |
||||
|
run: |
||||
|
shell: bash |
||||
|
|
||||
|
jobs: |
||||
|
cargo-deny-advisories: |
||||
|
name: cargo deny advisories |
||||
|
# Only run on the upstream repo, not forks — avoids hammering the RustSec DB. |
||||
|
if: ${{ github.repository == 'dani-garcia/vaultwarden' }} |
||||
|
runs-on: ubuntu-24.04 |
||||
|
timeout-minutes: 30 |
||||
|
permissions: |
||||
|
contents: read |
||||
|
|
||||
|
steps: |
||||
|
- name: Checkout |
||||
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
||||
|
with: |
||||
|
persist-credentials: false |
||||
|
|
||||
|
# Run only the advisories check so duplicate/license noise doesn't obscure |
||||
|
# newly published CVEs. The full `cargo deny check` runs in build.yml on |
||||
|
# every push/PR; this job exists solely to catch new advisories between pushes. |
||||
|
- name: Run cargo deny (advisories only) |
||||
|
uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2 |
||||
|
with: |
||||
|
command: check advisories |
||||
Loading…
Reference in new issue