fix: actions permissions and upgrade osv to 1.9.1 (#76)

luohoufu · luohf-infinilabs · web-flow · commit bcbb68f5ba15 · 2025-02-12T17:55:55.000+08:00
* fix: actions permissions and upgrade osv to 1.9.1

* fix: change scan path

---------

Co-authored-by: hardy &lt;luohf@infinilabs.com&gt;
diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
@@ -16,17 +16,19 @@ on:
     branches: [ "main" ]
 
 permissions:
+  # Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117
+  actions: read
   # Require writing security events to upload SARIF file to security tab
   security-events: write
-  # Read commit contents
+  # Only need to read contents
   contents: read
 
 jobs:
   scan-pr:
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.9.1"
     with:
       # Example of specifying custom arguments
       scan-args: |-
         -r
         --skip-git
-        ./
+        /github/workspace
