Skip to content

Scans

Scans #581

Workflow file for this run

# Scan the code for various flaws. See each of the scans for details.
name: Scans
on:
workflow_dispatch:
schedule:
# run this job at 00:00 UTC every day
- cron: '0 0 * * *'
permissions: {}
jobs:
call-bandit:
uses: ./.github/workflows/scan_bandit.yml
name: Bandit
call-codeql:
uses: ./.github/workflows/scan_codeql.yml
name: CodeQL
permissions:
actions: read
contents: read
security-events: write
call-coverity:
# Sorry, no other branches are supported. The result upload would fail.
if: github.ref == 'refs/heads/master'
uses: ./.github/workflows/scan_coverity.yml
secrets:
COVERITY_SCAN_NOTIFICATION_EMAIL: ${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }}
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
name: Coverity
call-coverage:
uses: ./.github/workflows/scan_coverage.yml
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
name: Coverage
call-documentation:
uses: ./.github/workflows/scan_documentation.yml
name: Documentation
call-ubsan:
uses: ./.github/workflows/scan_ubsan.yml
name: UBSAN
call-stack-usage:
uses: ./.github/workflows/scan_stack_usage.yml
name: Stack usage
call-log-calls:
uses: ./.github/workflows/scan_log_calls.yml
name: Log calls