diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 636cca4..689f7b5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -45,8 +45,8 @@ jobs:
         dotnet build --configuration Release --no-restore
         dotnet test --configuration Release --verbosity minimal --no-build
-  analyze:
-    name: code analysis
+  code-ql:
+    name: code-ql analysis
     runs-on: ubuntu-latest
     permissions:
       actions: read
@@ -80,3 +80,25 @@ jobs:
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3
+
+  dev-skim:
+    name: dev skim analysis
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+    - name: Checkout Git repository
+      uses: actions/checkout@main
+
+    - name: Run DevSkim scanner
+      uses: microsoft/DevSkim-Action@main
+      with:
+        directory-to-scan: src
+        extra-options: '--console-verbosity Verbose --skip-git-ignored-files true'
+
+    - name: Upload DevSkim scan results to GitHub security
+      uses: github/codeql-action/upload-sarif@main
+      with:
+        sarif_file: devskim-results.sarif
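Review bot: The three `uses:` lines in the new `dev-skim` job reference actions by a moving branch (`actions/checkout@main`, `microsoft/DevSkim-Action@main`, `github/codeql-action/upload-sarif@main`), while the existing CodeQL step in the same hunk pins `github/codeql-action/analyze@v3`. A branch ref is re-resolved on every run, so this job, which holds `security-events: write`, executes whatever commit is on that branch at the time and cannot be reproduced later; pinning to a release tag or, preferably, a full commit SHA with a version comment (e.g. `uses: actions/checkout@<full-commit-sha>  # vX.Y.Z`) restores a stable supply chain and matches the file's existing convention. The `sarif_file: devskim-results.sarif` value appears to rely on the scanner's default output name; if the DevSkim action exposes an input for the output file, setting it explicitly in the scan step's `with:` would avoid a silent break of the upload step when that default changes. The enclosing `jobs:` mapping starts outside this hunk.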