File: cve-bin.yml

# Copyright 2024-2025, Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause

name: Scan trunk archives with cve-bin-tool

# Triggers: a nightly schedule, plus manual runs from the Actions UI.
on:
  schedule:
    # Daily at 22:00 UTC
    - cron: "0 22 * * *"
  workflow_dispatch:

# The workflow token gets read access on every scope and write access on none.
# NOTE(review): no step in this file references the token, so an explicit
# narrower grant could probably replace read-all; confirm before changing.
permissions: read-all

# At most one run per workflow/ref pair; a newer run cancels the one in flight.
concurrency:
  cancel-in-progress: true
  group: "${{ github.workflow }}-${{ github.ref }}"

# Locations of the rolling trunk build archives that the scan job downloads.
env:
  tar_url: "https://github.com/ispc/ispc/releases/download/trunk-artifacts/ispc-trunk-linux.tar.gz"
  zip_url: "https://github.com/ispc/ispc/releases/download/trunk-artifacts/ispc-trunk-windows.zip"

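jobs:
  # Single job: fetch the latest trunk build archives and scan them with
  # cve-bin-tool for bundled components that have known CVEs.
  scan:
    runs-on: ubuntu-latest
    # Disabling this workflow for non ispc/ispc repo to reduce the traffic to artifacts downloads.
    if: github.repository == 'ispc/ispc'

    steps:
    - name: Install cve-bin-tool
      # The requirement is quoted so the shell cannot treat [PDF] as a glob
      # pattern if a matching file name ever exists in the working directory.
      # NOTE(review): the scanner is installed unpinned, so every scheduled run
      # executes whatever release the package index currently serves. Pinning a
      # reviewed version (ideally with hashes) would make runs reproducible.
      run: |
        pip3 install 'cve-bin-tool[PDF]'

    - name: Download trunk archives
      # zip_url and tar_url are defined in the workflow-level env block and are
      # read here as ordinary quoted shell variables, rather than being pasted
      # into the script text by expression interpolation. The values are static
      # in this file, so this is hardening, not a fix for a live injection.
      # NOTE(review): the archives are rolling builds and are not checked
      # against a checksum or signature after download.
      run: |
        wget --quiet -O archive.zip "$zip_url"
        wget --quiet -O archive.tar.gz "$tar_url"

    - name: Scan archives with cve-bin-tool
      # No checkout step runs in this job, so ./ should hold only the two
      # archives fetched above. -f selects the report formats and -o the base
      # name, which is what the upload step's report.* paths rely on.
      run: |
        cve-bin-tool ./ -f console,pdf,html -o report

    - name: Upload reports
      # The action is pinned to a full commit SHA; the trailing comment records
      # the tag that SHA is expected to correspond to.
      uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
      # Upload even when an earlier step failed, so the reports stay available
      # (cve-bin-tool is expected to exit non-zero when it reports findings).
      if: always()
      with:
        name: reports
        path: |
          report.txt
          report.pdf
          report.html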