From 1e6c7e23ed33aa01f9697636ab8f62b9f024b4d0 Mon Sep 17 00:00:00 2001
From: Mandimby RAVELOARINJAKA
Date: Mon, 25 Sep 2023 00:31:12 +0900
Subject: [PATCH] Create clj-watson.yml
---
.github/workflows/clj-watson.yml | 56 ++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 .github/workflows/clj-watson.yml
diff --git a/.github/workflows/clj-watson.yml b/.github/workflows/clj-watson.yml
new file mode 100644
index 0000000..a08539b
--- /dev/null
+++ b/.github/workflows/clj-watson.yml
@@ -0,0 +1,56 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# clj-watson scans dependencies in a clojure deps.edn
+# seeking for vulnerable direct/transitive dependencies and
+# build a report with all the information needed to help you
+# understand how the vulnerability manifest in your software.
+# More details at https://github.com/clj-holmes/clj-watson
+ name: clj-watson
+ on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "master" ]
+ schedule:
+ - cron: '16 21 * * 6'
+ permissions:
+ contents: read
+ jobs:
+ clj-holmes:
+ name: Run clj-watson scanning
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ security-events: write
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ - name: Dependency scan
+ uses: clj-holmes/clj-watson-action@b4c3623c4d603932e60e6012a3a1db7bc60058c2
+ env:
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+ with:
+ clj-watson-sha: "65d928c"
+ clj-watson-tag: "v4.0.1"
+ database-strategy: github-advisory
+ aliases: clojure-lsp,test
+ deps-edn-path: deps.edn
+ suggest-fix: true
+ output-type: sarif
+ output-file: clj-watson-results.sarif
+ fail-on-result: false
+ - name: Upload analysis results to GitHub
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: clj-watson-results.sarif
+ wait-for-processing: true
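Review bot: `actions/checkout@v2` and `github/codeql-action/upload-sarif@v2` in the steps are referenced by floating major tags, while the third-party `clj-holmes/clj-watson-action` is pinned to a full commit SHA; in a job that holds `security-events: write` and hands `GITHUB_TOKEN` to a step, the same SHA pinning should be applied to all three `uses:` lines with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<commit-sha> # v4`, so that a moved tag cannot change what runs with that token. `checkout@v2` is also an old major, so bumping to the current major at the same time it is pinned is worth doing. The `clj-watson-sha: "65d928c"` input is an abbreviated 7-character hash; if the action accepts a full 40-character commit hash, passing that avoids prefix ambiguity and pins the scanner as tightly as the action itself. Separately, on `pull_request` runs from forks the `GITHUB_TOKEN` is presumably read-only, so the SARIF upload step may fail there; either guard that step with an `if:` on the event source or note in a comment that only same-repo PRs are expected to produce code-scanning results.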