Swapping OSV Detector for OSV Scanner.

northwood-labs · Mar 26, 2024 · 43d1118 · 43d1118
1 parent beaf4fa
commit 43d1118
Showing 1 changed file with 6 additions and 28 deletions.
diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
@@ -20,33 +20,11 @@ concurrency:
 permissions: read-all
 
 jobs:
-  osv_scanner_job:
-    runs-on: ubuntu-latest
-    name: Scan for vulns
+  osv-scan:
+    uses: google/osv-scanner/.github/workflows/[email protected]
     permissions:
-      # Require writing security events to upload SARIF file to security tab
       security-events: write
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
-        with:
-          disable-sudo: false
-          egress-policy: block
-          allowed-endpoints: >
-            api.github.com:443
-            github.com:443
-            objects.githubusercontent.com:443
-            osv-vulnerabilities.storage.googleapis.com:443
-
-      - name: Checkout Source
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
-
-      - name: Check dependencies for security vulnerabilities
-        uses: google/osv-scanner/.github/workflows/[email protected]
-        with:
-          scan-args: |-
-            --recursive
-            --skip-git
-            ./
-          upload-sarif: true
-          fail-on-vuln: true
+    with:
+      upload-sarif: true
+      fail-on-vuln: true
+      scan-args: --recursive --skip-git ./