Adding Microsoft Security DevOps

thomasleplus · thomasleplus · commit 52b0f535520d · 2025-03-20T12:08:05.000-06:00
diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
@@ -1,3 +1,4 @@
+---
 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
 # separate terms of service, privacy policy, and support
diff --git a/.github/workflows/msdo.yml b/.github/workflows/msdo.yml
@@ -0,0 +1,36 @@
+---
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: MSDO
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  schedule:
+    - cron: "0 0 * * 0"
+
+permissions: {}
+
+jobs:
+  lint:
+    name: MSDO
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Run Microsoft Security DevOps scanner
+        uses: microsoft/security-devops-action@08976cb623803b1b36d7112d4ff9f59eae704de0 # v1.12.0
+        id: msdo
+
+      - name: Upload MSDO scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
+        with:
+          sarif_file: ${{ steps.msdo.outputs.sarifFile }}

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+---`
`1`	`2`	`# This workflow uses actions that are not certified by GitHub.`
`2`	`3`	`# They are provided by a third-party and are governed by`
`3`	`4`	`# separate terms of service, privacy policy, and support`