update security-gate.yml

htrgouvea · Dec 16, 2024 · 350e178 · 350e178
1 parent 57d02c5
commit 350e178
Showing 1 changed file with 20 additions and 9 deletions.
diff --git a/.github/workflows/security-gate.yml b/.github/workflows/security-gate.yml
@@ -1,13 +1,21 @@
-name: Security Gate
+name: Security Gate - LESIS
 
 on:
+  push:
+    branches:
+      - main
+      - develop
   pull_request:
     branches:
       - main
       - develop
 
+permissions:
+  security-events: read
+  contents: read
+
 jobs:
-  gate:
+  build:
     runs-on: ubuntu-latest
     env:
       MAX_CRITICAL: 0
@@ -22,12 +30,15 @@ jobs:
     - name: Pull Docker image from GitHub Container Registry
       run: docker pull ghcr.io/instriq/security-gate/security-gate:latest
 
-    - name: Verify security alerts from dependabot
+    - name: Verify security alerts from GHAS
       run: |
         docker run ghcr.io/instriq/security-gate/security-gate:latest \
-        -t $GITHUB_TOKEN \
-        -r ${{ github.repository }} \
-        --critical $MAX_CRITICAL \
-        --high $MAX_HIGH \
-        --medium $MAX_MEDIUM \
-        --low $MAX_LOW
+        -t "$GITHUB_TOKEN" \
+        -r "${{ github.repository }}" \
+        -c "$MAX_CRITICAL" \
+        -h "$MAX_HIGH" \
+        -m "$MAX_MEDIUM" \
+        -l "$MAX_LOW" \
+        --dependency-alerts \
+        --secret-alerts \
+        --code-alerts