Refactor OSV-Scanner workflow for improved scanning efficiency #38

Merged: algotyrnt merged 3 commits into main from OSV-workflow, Mar 18, 2026
Conversation

@algotyrnt (Owner)

This pull request introduces a new workflow for automated vulnerability scanning using OSV-Scanner. The workflow is designed to run on pull requests, merge groups, and pushes to the main branch, helping to identify security issues early and integrate with existing dependency management tools like Dependabot.

Security automation:

  • Added .github/workflows/osv-scanner.yml to enable OSV-Scanner scans for vulnerabilities on PRs, merge groups, and pushes to main, uploading results to the security tab.
  • Configured permissions to allow writing security events and reading repository contents for proper SARIF file upload and scan operation.

Integration and usability:

  • Utilized reusable OSV-Scanner workflows (osv-scanner-reusable.yml and osv-scanner-reusable-pr.yml) for both push and PR events, ensuring consistent and up-to-date scanning.
  • Set scan arguments to recursively scan the repository while skipping the .git directory for efficiency.

Updated OSV-Scanner workflow to streamline scanning on push and pull request events.
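For readers who want to see what the description above amounts to in practice, here is an added example workflow that is not the file from this pull request. It follows the layout Google documents for its reusable OSV-Scanner workflows: one job for pushes (and optional schedules) using osv-scanner-reusable.yml and one for pull requests and merge groups using osv-scanner-reusable-pr.yml, with the permissions needed to upload SARIF to the Security tab. The `<pinned-commit-sha>` ref is a placeholder (pin to a full commit SHA of google/osv-scanner-action rather than a mutable tag); the job names and the `schedule` trigger are assumptions, not taken from the PR.

```yaml
# .github/workflows/osv-scanner.yml (added example; not the PR's own file)
name: OSV-Scanner

on:
  pull_request:
    branches: [main]
  merge_group:
    branches: [main]
  push:
    branches: [main]
  # Assumption: a weekly run catches advisories published after the last push.
  schedule:
    - cron: "30 12 * * 1"

# Least privilege for the two reusable workflows:
#   contents: read        -> check out the repository
#   security-events: write -> upload SARIF results to the Security tab
#   actions: read         -> the PR reusable workflow reads the base-branch run
permissions:
  actions: read
  contents: read
  security-events: write

jobs:
  scan-scheduled:
    if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
    # Placeholder ref: replace with a full commit SHA to pin the reusable workflow.
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@<pinned-commit-sha>"
    with:
      # --recursive walks every lockfile/manifest; --skip-git prunes .git directories.
      scan-args: |-
        --recursive
        --skip-git
        ./

  scan-pr:
    if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@<pinned-commit-sha>"
    with:
      scan-args: |-
        --recursive
        --skip-git
        ./
```

Two things worth checking after adopting a file like this: the PR job only reports vulnerabilities introduced relative to the base branch, so the push job is what keeps the default branch's Security tab current; and `--skip-git` prunes only `.git` directories, so vendored dependencies and other generated trees still need explicit handling if they should be excluded.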
Copilot AI review requested due to automatic review settings March 18, 2026 03:59
@vercel (bot) commented Mar 18, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

  Project        Deployment   Actions            Updated (UTC)
  personal-site  Ready        Preview, Comment   Mar 18, 2026 4:08am

Copilot AI (Contributor) left a comment

Pull request overview

Adds an OSV-Scanner GitHub Actions workflow to perform dependency vulnerability scans on pushes and PR-related events, complementing existing code scanning in the repository.

Changes:

  • Introduces a new OSV-Scanner workflow triggered on push, pull_request, and merge_group for main.
  • Runs OSV scanning via Google’s pinned reusable workflows for push vs PR contexts.


@github-advanced-security (Contributor)

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@algotyrnt algotyrnt merged commit 7939a59 into main Mar 18, 2026
11 checks passed