FAQ

Scanning Tags and Commit Hashes with GitHub Actions

1min

For most CI/CD systems/workflows, scanning a specific tag or commit hash can be accomplished by creating a job which checks out the code at a specific tag or commit, and then runs the desired SOOS scan﻿ against that code.
When using the SOOS GitHub Action, add the ref parameter to the actions/checkout@master definition to specify a commit hash, tag, or branch to scan.
In the following example we are scanning the tag v1.0.0
on: [push]

jobs:
  soos-sca-analysis:
    name: SOOS SCA Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
        with:
          ref: "v1.0.0"
      - name: Run SOOS SCA Analysis
        uses: soos-io/[email protected]
        with:
          client_id: ${{ secrets.SOOS_CLIENT_ID }}
          api_key: ${{ secrets.SOOS_API_KEY }}
          project_name: "sca scanning tag v1.0.0"
﻿

Updated 25 Feb 2025

Did this page help you?

Scanning Development Dependencies

Branch is Not Being Scanned