.github/workflows/ossar-analysis.yml
name: OSSAR
on:
push:
pull_request:
jobs:
OSSAR-Scan:
runs-on: windows-latest
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
fetch-depth: 2
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}
- name: Run OSSAR
uses: github/ossar-action@v1
id: ossar
- name: Upload OSSAR results
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.ossar.outputs.sarifFile }}