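# Scheduled OSPS Baseline assessment of this repository.
# The job runs the pinned osps-baseline-action, asks it to upload SARIF
# findings, and keeps the contents of evaluation_results/ as an artifact.
name: OSPS Baseline Scanner

on:
  schedule:
    # Run weekly on Mondays at 9 AM UTC
    - cron: "0 9 * * 1"
  workflow_dispatch:  # Allow manual triggering

jobs:
  osps-assessment:
    runs-on: ubuntu-latest
    name: Baseline Scan

    # Job-scoped GITHUB_TOKEN permissions: any scope not listed here is
    # set to "none" for this job.
    permissions:
      contents: read
      security-events: write  # Required for SARIF upload

    steps:
      # Every action below is pinned to a full commit SHA. The trailing
      # version comment is informational only; when bumping a pin, check
      # that the new SHA is the commit the upstream release tag points to.
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          # Keep the job token out of the checked-out .git/config. No step
          # visible in this workflow performs authenticated git operations,
          # so later steps do not need it on disk.
          persist-credentials: false

      - name: Run Baseline Action
        uses: revanite-io/osps-baseline-action@99e372da63a5587fad5ef9a1a3c6e465f7e9fc03  # v1.3.1
        with:
          owner: ${{ github.repository_owner }}
          repo: ${{ github.event.repository.name }}
          # NOTE(review): GH_AUTH_TOKEN is a repository secret handed to a
          # third-party action. Its scopes are not visible from this file;
          # confirm it is limited to the read access the scanner needs.
          token: ${{ secrets.GH_AUTH_TOKEN }}
          catalog: "osps-baseline"
          upload-sarif: "true"

      - name: Upload Assessment Results
        # always(): still publish whatever was written when the scan step
        # fails, so a failed run can be diagnosed.
        if: always()
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
        with:
          name: osps-assessment-results-${{ github.run_number }}
          # NOTE(review): presumably written by the baseline action; confirm
          # the directory holds only assessment output, since artifacts are
          # downloadable by anyone who can read this repository's runs.
          path: evaluation_results/
          retention-days: 30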