chore: Gosec - enable security linting (#585)

#### What this PR does / why we need it see: open-component-model/ocm-project#270 #### Which issue(s) this PR fixes fixes: #583
open-component-model · Jan 30, 2025 · 36a5bee · 36a5bee
1 parent 9820689
commit 36a5bee
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml
@@ -0,0 +1,20 @@
+name: "Code scanning"
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  schedule:
+    - cron: "26 14 * * 2"
+
+jobs:
+  gosec:
+    permissions:
+      # Required to upload SARIF files
+      security-events: write
+      # for actions/checkout to fetch code
+      contents: read
+    # call reusable workflow from central '.github' repo
+    uses: open-component-model/.github/.github/workflows/code-scan.yml@main
+    secrets: inherit