When using the SOOS GitHub Action, add the ref
parameter to the actions/checkout@master
definition to specify a commit hash, tag, or branch to scan something other than the full contents of a branch.
In the following example we are scanning the tag v1.0.0
on: [push] jobs: soos-sca-analysis: name: SOOS SCA Scan runs-on: ubuntu-latest steps: - uses: actions/checkout@master with: ref: "v1.0.0" - name: Run SOOS SCA Analysis uses: soos-io/soos-sca-github-action@v1.2.3 with: client_id: ${{ secrets.SOOS_CLIENT_ID }} api_key: ${{ secrets.SOOS_API_KEY }} project_name: "sca scanning tag v1.0.0"