build(deps-dev): bump ts-jest from 29.3.2 to 29.3.4 #15577

Workflow file for this run

	name: Code Scan

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main
	schedule:
	- cron: '0 12 * * 1'
	workflow_dispatch:

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: ${{ github.event_name == 'pull_request' }}

	permissions:
	contents: read # for actions/checkout to fetch code

	jobs:
	fossa:
	name: FOSSA
	# Needs access to the FOSSA API key secret, so don't run on pull request events
	if: ${{ ! github.event_name == 'pull_request' }}
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Setup Go
	uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
	with:
	go-version-file: go.mod
	- name: Run FOSSA scan and upload build data
	uses: fossa-contrib/fossa-action@3d2ef181b1820d6dcd1972f86a767d18167fa19b # v3.0.1
	with:
	fossa-api-key: ${{ secrets.FOSSA_API_KEY }}
	github-token: ${{ github.token }}

	dependency-review:
	name: Dependency Review
	if: ${{ github.event_name == 'pull_request' }}
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Run Dependency Review
	uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1

	trivy:
	name: Trivy
	runs-on: ubuntu-latest
	permissions:
	security-events: write # for Trivy to write security events
	steps:
	- name: Checkout code
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Run Trivy vulnerability scanner in repo mode
	uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0
	with:
	scan-type: fs
	scanners: vuln
	ignore-unfixed: true
	format: sarif
	output: trivy-results.sarif
	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
	with:
	sarif_file: trivy-results.sarif

	codeql:
	name: CodeQL
	runs-on: ubuntu-latest
	permissions:
	security-events: write # for codeQL to write security events
	steps:
	- name: Checkout repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Initialize CodeQL
	uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
	with:
	languages: go
	- name: Autobuild
	uses: github/codeql-action/autobuild@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps-dev): bump ts-jest from 29.3.2 to 29.3.4 #15577

Workflow file

build(deps-dev): bump ts-jest from 29.3.2 to 29.3.4 #15577

Jobs

Run details

Workflow file for this run