name: Codacy Security Scan on: push: branches: [ rewrite ] pull_request: branches: [ rewrite ] schedule: - cron: '0 0 * * *' jobs: codacy-security-scan: name: Codacy Security Scan runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4.1.0 # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - name: Run Codacy Analysis CLI uses: codacy/codacy-analysis-cli-action@v4.3.0 with: project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} verbose: true output: results.sarif format: sarif # Adjust severity of non-security issues gh-code-scanning-compat: true # Force 0 exit code to allow SARIF file generation # This will handover control about PR rejection to the GitHub side max-allowed-issues: 2147483647 # Upload the SARIF file generated in the previous step - name: Upload SARIF results file uses: github/codeql-action/upload-sarif@v2.22.3 with: sarif_file: results.sarif