Scan tags and commit hashes in GitHub Action

Scanning tags and commit hashes

Currently available only for GitHub Actions

Updated on October 25, 2023

When using the SOOS GitHub Action, add the ref parameter to the actions/checkout@master definition to specify a commit hash, tag, or branch to scan something other than the full contents of a branch.

In the following example we are scanning the tag v1.0.0

on: [push]

jobs:
  soos-sca-analysis:
    name: SOOS SCA Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
        with:
          ref: "v1.0.0"
      - name: Run SOOS SCA Analysis
        uses: soos-io/soos-sca-github-action@v1.2.3
        with:
          client_id: ${{ secrets.SOOS_CLIENT_ID }}
          api_key: ${{ secrets.SOOS_API_KEY }}
          project_name: "sca scanning tag v1.0.0"