Files
learningcircuit--local-deep…/.github/workflows/osv-scanner-scheduled.yml
T
wehub-resource-sync 6e7352b6f7
Create Release / version-check (push) Has been cancelled
Create Release / release-gate (push) Has been cancelled
Create Release / ci-gate (push) Has been cancelled
Create Release / test-gate (push) Has been cancelled
Create Release / e2e-test-gate (push) Has been cancelled
Create Release / responsive-test-gate (push) Has been cancelled
Create Release / compat-test-gate (push) Has been cancelled
Create Release / compose-integration-gate (push) Has been cancelled
Create Release / vulture-gate (push) Has been cancelled
Create Release / build (push) Has been cancelled
Create Release / provenance (push) Has been cancelled
Create Release / prerelease-docker (push) Has been cancelled
Create Release / publish-docker (push) Has been cancelled
Create Release / create-release (push) Has been cancelled
Create Release / cleanup-changelog (push) Has been cancelled
Create Release / trigger-pypi (push) Has been cancelled
Create Release / monitor-pypi (push) Has been cancelled
Create Release / Clean up orphan prerelease tags and signatures (push) Has been cancelled
OSSF Scorecard / OSSF Security Scorecard Analysis (push) Failing after 0s
OSV-Scanner (Scheduled) / scan-scheduled (push) Failing after 0s
Version Auto-Bump / version-bump (push) Failing after 0s
Backwards Compatibility / Verify Encryption Constants (push) Failing after 1s
Backwards Compatibility / PyPI Version Compatibility (push) Failing after 1s
Backwards Compatibility / Database Migration Tests (push) Failing after 0s
CodeQL Advanced / Analyze (javascript-typescript) (push) Failing after 1s
CodeQL Advanced / Analyze (python) (push) Failing after 1s
Docker Tests (Consolidated) / detect-changes (push) Failing after 1s
Docker Tests (Consolidated) / Build Test Image (push) Failing after 1s
Sync repo labels / sync-labels (push) Failing after 0s
MCP Server Tests / MCP Server Tests (push) Failing after 1s
Docker Tests (Consolidated) / All Pytest Tests + Coverage (push) Has been skipped
Docker Tests (Consolidated) / UI Tests (Puppeteer) (push) Has been cancelled
Docker Tests (Consolidated) / Production Image Smoke Test (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [history-news] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [link-analytics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [library] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-core] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [mobile] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-pages] (push) Has been cancelled
Docker Tests (Consolidated) / Accessibility Tests (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-core] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-lifecycle] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [error-benchmark] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-form] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-metrics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-workflow] (push) Has been cancelled
Docker Tests (Consolidated) / LLM Unit Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Example Tests (push) Has been cancelled
Docker Tests (Consolidated) / Infrastructure Tests (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-register] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [accessibility] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [api-crud] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-login] (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:25:48 +08:00

36 lines
1.1 KiB
YAML

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# Scheduled OSV-Scanner scanning for vulnerabilities.
# Runs on push to main and weekly schedule.
# Split from osv-scanner.yml to prevent "skipped" noise on PRs.
#
# For more examples and options, including how to ignore specific vulnerabilities,
# see https://google.github.io/osv-scanner/github-action/
name: OSV-Scanner (Scheduled)
on:
push:
branches: [ "main" ] # Create baseline for Code Scanning comparison
schedule:
- cron: '41 21 * * 1' # Weekly on Monday at 21:41 UTC
workflow_dispatch:
permissions: {} # Minimal top-level for OSSF Scorecard Token-Permissions
jobs:
scan-scheduled:
permissions:
security-events: write
contents: read
actions: read
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@9a498708959aeaef5ef730655706c5a1df1edbc2" # v2.3.8
with:
scan-args: |-
-r
--skip-git
./