name: OSPS Baseline Scanner on: schedule: # Run weekly on Mondays at 9 AM UTC - cron: "0 9 * * 1" workflow_dispatch: # Allow manual triggering jobs: osps-assessment: runs-on: ubuntu-latest name: Baseline Scan permissions: contents: read security-events: write # Required for SARIF upload steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Baseline Action uses: revanite-io/osps-baseline-action@ace75cc1fb748be898275f16f59f78363405bc0a # v1.3.3 with: owner: ${{ github.repository_owner }} repo: ${{ github.event.repository.name }} token: ${{ secrets.GH_AUTH_TOKEN }} catalog: "osps-baseline" upload-sarif: "true" - name: Upload Assessment Results if: always() uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: osps-assessment-results-${{ github.run_number }} path: evaluation_results/ retention-days: 30