User Style & Template Management #491
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ASH Security Scan | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| jobs: | |
| scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.12" | |
| - name: Install ASH | |
| run: pip install git+https://github.com/awslabs/automated-security-helper.git@v3.2.4 | |
| - name: Run ASH scan | |
| run: ash --mode local --fail-on-findings | |
| continue-on-error: true | |
| id: ash | |
| - name: Show findings detail | |
| if: always() | |
| run: ash report 2>/dev/null || cat .ash/ash_output/reports/ash.summary.txt 2>/dev/null || echo "No report available" | |
| - name: Fail if findings | |
| if: steps.ash.outcome == 'failure' | |
| run: exit 1 | |
| - name: Upload scan results | |
| uses: actions/upload-artifact@v5 | |
| if: always() | |
| with: | |
| name: ash-results | |
| path: .ash/ash_output/ |