fabasoad · fabasoad · Jan 28, 2026 · Jan 28, 2026 · Jan 28, 2026 · Jan 28, 2026
@@ -0,0 +1 @@
+* @fabasoad
@@ -0,0 +1,9 @@
+---
+custom:
+  [
+    "https://www.bitcoinqrcodemaker.com/?style=bitcoin&address=145HwyQAcv4vrzUumJhu7nWGAVBysX9jJH&prefix=on",
+    "https://paypal.me/fabasoad",
+  ]
+github: ["fabasoad"]
+ko_fi: fabasoad
+liberapay: fabasoad
@@ -0,0 +1,37 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ""
+labels: bug
+assignees: fabasoad
+---
+
+## Describe the bug
+
+A clear and concise description of what the bug is.
+
+## Steps to Reproduce
+
+1. Run '...'
+2. See error
+
+## Expected behavior
+
+A clear and concise description of what you expected to happen.
+
+## Actual behavior
+
+A clear and concise description of what is happening now.
+
+## Screenshots
+
+If applicable, add screenshots to help explain your problem.
+
+## Technical information (please complete the following information)
+
+- OS: [e.g. Windows 10 Enterprise v.1909 (OS Build 18363.720)]
+- `setup-depscan-action` version [e.g. 0.1.0]
+
+## Additional context
+
+Add any other context about the problem here.
@@ -0,0 +1,25 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ""
+labels: enhancement
+assignees: fabasoad
+---
+
+## Is your feature request related to a problem? Please describe
+
+A clear and concise description of what the problem is. Ex. I'm always frustrated
+when [...]
+
+## Describe the solution you'd like
+
+A clear and concise description of what you want to happen.
+
+## Describe alternatives you've considered
+
+A clear and concise description of any alternative solutions or features you've
+considered.
+
+## Additional context
+
+Add any other context or screenshots about the feature request here.
@@ -0,0 +1,59 @@
+<!-- markdownlint-disable-file MD041 -->
+
+## Pull request checklist
+
+Please check if your PR fulfills the following requirements:
+
+- [ ] I have read the [CONTRIBUTING](https://github.com/fabasoad/setup-depscan-action/blob/main/CONTRIBUTING.md)
+      doc.
+- [ ] Tests for the changes have been added (for bug fixes / features).
+- [ ] Docs have been reviewed and added / updated if needed (for bug fixes / features).
+
+## Pull request type
+
+<!-- Please do not submit updates to dependencies unless it fixes an issue. -->
+
+<!-- Please try to limit your pull request to one type, submit multiple pull
+requests if needed. -->
+
+Please check the type of change your PR introduces:
+
+- [ ] Bugfix
+- [ ] Feature
+- [ ] Code style update (formatting, renaming)
+- [ ] Refactoring (no functional changes, no api changes)
+- [ ] Build related changes
+- [ ] Documentation content changes
+- [ ] Other (please describe):
+
+## What is the current behavior
+
+<!-- Please describe the current behavior that you are modifying, or link to a
+relevant issue. -->
+
+## What is the new behavior
+
+<!-- Please describe the behavior or changes that are being added by this PR. -->
+
+-
+-
+-
+
+## Does this introduce a breaking change
+
+- [ ] Yes
+- [ ] No
+
+<!-- If this introduces a breaking change, please describe the impact and
+migration path for existing applications below. -->
+
+## Other information
+
+<!-- Any other information that is important to this PR such as screenshots of
+how the component looks before and after the change. -->
+<!-- This document was adapted from the open-source [appium/appium](https://github.com/appium/appium/blob/master/.github/PULL_REQUEST_TEMPLATE.md)
+repository. -->
+
+---
+
+Closes #{IssueNumber}
@@ -0,0 +1,142 @@
+---
+name: Functional Tests
+
+on: # yamllint disable-line rule:truthy
+  push:
+    branches:
+      - main
+  pull_request:
+    paths:
+      - .github/workflows/functional-tests.yml
+      - src/**
+      - action.yml
+  schedule:
+    # Every Friday at 09:00 JST
+    - cron: "0 0 * * 5"
+  workflow_dispatch: {}
+
+defaults:
+  run:
+    shell: sh
+
+permissions:
+  contents: read
+
+jobs:
+  get-versions:
+    name: Get 3 latest versions
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    outputs:
+      versions: ${{ steps.prepare-list.outputs.versions }}
+    steps:
+      - name: Get releases
+        id: github-releases
+        uses: yakubique/github-releases@v1.2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          repository: "owasp-dep-scan/dep-scan"
+          sort: "desc"
+      - name: Prepare list
+        id: prepare-list
+        env:
+          RELEASES_AMOUNT: "3"
+        run: |
+          versions=$(echo '${{ steps.github-releases.outputs.releases }}' \
+            | jq -c -r --arg n "${RELEASES_AMOUNT}" '.[0:($n | tonumber)] | map(sub("^v"; "")) | . += ["latest"]')
+          echo "versions=${versions}" >> "$GITHUB_OUTPUT"
+  setup-depscan:
+    name: Setup depscan
+    needs: [get-versions]
+    runs-on: ${{ matrix.os }}-latest
+    timeout-minutes: 5
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ["ubuntu", "macos", "windows"]
+        version: ${{ fromJSON(needs.get-versions.outputs.versions) }}
+    steps:
+      - name: Checkout ${{ github.repository }}
+        uses: actions/checkout@v6
+      - name: Setup depscan
+        id: setup-depscan
+        uses: ./
+        with:
+          version: ${{ matrix.version }}
+      - name: Test action completion
+        run: |
+          test_equal() {
+            if [ "${2}" != "${3}" ]; then
+              echo "::error title=${1}::Expected: ${3}. Actual: ${2}."
+              exit 1
+            fi
+          }
+          test_equal "depscan should be installed" \
+            "${{ steps.setup-depscan.outputs.installed }}" \
+            "true"
+      - name: Print version
+        run: depscan --version
+  setup-depscan-in-container:
+    name: Setup depscan in container
+    needs: [get-versions]
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    container:
+      image: ${{ matrix.image }}:latest
+    strategy:
+      fail-fast: false
+      matrix:
+        image: ["alpine", "ubuntu"]
+    steps:
+      - name: Checkout ${{ github.repository }}
+        uses: actions/checkout@v6
+      - name: Setup depscan
+        id: setup-depscan
+        uses: ./
+      - name: Test action completion
+        run: |
+          test_equal() {
+            if [ "${2}" != "${3}" ]; then
+              echo "::error title=${1}::Expected: ${3}. Actual: ${2}."
+              exit 1
+            fi
+          }
+          test_equal "depscan should be installed" \
+            "${{ steps.setup-depscan.outputs.installed }}" \
+            "true"
+      - name: Print version
+        run: depscan --version
+  test-force:
+    name: Test force
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    strategy:
+      fail-fast: false
+      matrix:
+        force: ["true", "false"]
+    steps:
+      - name: Checkout ${{ github.repository }}
+        uses: actions/checkout@v6
+      - name: Setup depscan 1
+        id: setup-depscan-1
+        uses: ./
+      - name: Setup depscan 2
+        id: setup-depscan-2
+        uses: ./
+        with:
+          force: ${{ matrix.force }}
+      - name: Test action completion
+        run: |
+          test_equal() {
+            if [ "${2}" != "${3}" ]; then
+              echo "::error title=${1}::Expected: ${3}. Actual: ${2}."
+              exit 1
+            fi
+          }
+          test_equal "Wrong \"installed\" output from setup-depscan-1" \
+            "${{ steps.setup-depscan-1.outputs.installed }}" \
+            "true"
+          test_equal "Wrong \"installed\" output from setup-depscan-2" \
+            "${{ steps.setup-depscan-2.outputs.installed }}" \
+            "${{ matrix.force }}"
@@ -0,0 +1,15 @@
+---
+name: Linting
+
+on: # yamllint disable-line rule:truthy
+  pull_request: {}
+  push:
+    branches:
+      - main
+
+jobs:
+  pre-commit:
+    name: Pre-commit
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-pre-commit.yml@main
+    permissions:
+      contents: read
@@ -0,0 +1,14 @@
+---
+name: Release
+
+on: # yamllint disable-line rule:truthy
+  push:
+    tags:
+      - "v*.*.*"
+
+jobs:
+  github:
+    name: GitHub
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-github-release.yml@main
+    permissions:
+      contents: write
@@ -0,0 +1,27 @@
+---
+name: Security
+
+on: # yamllint disable-line rule:truthy
+  pull_request: {}
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      security-type:
+        description: What Security scanning you would like to run?
+        required: false
+        default: "all"
+        type: choice
+        options: ["all", "sca", "code-scanning"]
+
+jobs:
+  sast:
+    name: SAST
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-security-sast.yml@main
+    permissions:
+      contents: read
+      security-events: write
+    with:
+      code-scanning: ${{ contains(fromJSON('["all", "code-scanning"]'), github.event.inputs.security-type || 'all') }}
+      sca: ${{ contains(fromJSON('["all", "sca"]'), github.event.inputs.security-type || 'all') }}
@@ -0,0 +1,17 @@
+---
+name: Labels
+
+on: # yamllint disable-line rule:truthy
+  push:
+    branches:
+      - main
+  workflow_dispatch: {}
+
+jobs:
+  maintenance:
+    name: Maintenance
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-sync-labels.yml@main
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
@@ -0,0 +1,15 @@
+---
+name: License
+
+on: # yamllint disable-line rule:truthy
+  schedule:
+    # Every January 1st at 14:00 JST
+    - cron: "0 5 1 1 *"
+
+jobs:
+  maintenance:
+    name: Maintenance
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-update-license.yml@main
+    permissions:
+      contents: write
+      pull-requests: write
@@ -0,0 +1,4 @@
+.DS_Store
+.envrc
+.idea
+.vscode
@@ -0,0 +1,6 @@
+---
+default: true
+MD013:
+  code_blocks: false
+  tables: false
+MD041: false