Skip to content

extend the sast-coverity-check CI task to support buildful scanning #2863

extend the sast-coverity-check CI task to support buildful scanning

extend the sast-coverity-check CI task to support buildful scanning #2863

Workflow file for this run

name: Checkton
"on":
pull_request:
branches: [main]
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
# Differential Checkton requires full git history
fetch-depth: 0
- name: Run Checkton
id: checkton
uses: chmeliik/[email protected]
with:
# Set to false when re-enabling SARIF uploads
fail-on-findings: true
find-copies-harder: true
exclude-regex: ^task-generator
# Currently, code scanning alerts annoyingly stay open even if you fix them.
# Don't upload SARIF until https://github.com/orgs/community/discussions/132787 is resolved.
# - name: Upload SARIF file
# uses: github/codeql-action/upload-sarif@v3
# with:
# sarif_file: ${{ steps.checkton.outputs.sarif }}
# # Avoid clashing with ShellCheck
# category: checkton