# Code-scanning workflow. All analysis steps live in the shared fluxcd
# reusable workflow referenced below; this file only defines the triggers,
# the token permissions and the secrets handed to it.
name: scan

on:
  # Manual runs (Actions tab or API).
  workflow_dispatch:
  push:
    branches:
      - 'main'
      - 'release/**'
  # NOTE(review): for pull requests opened from forks GitHub withholds
  # repository secrets and, by default, issues a read-only GITHUB_TOKEN.
  # On those runs fossa-token is empty and security-events: write is not
  # effective. How the called workflow handles that is not visible in this
  # file - confirm that it skips or degrades cleanly rather than failing.
  pull_request:
    branches:
      - 'main'
      - 'release/**'
  schedule:
    # Weekly run: Wednesdays at 10:18 UTC.
    - cron: '18 10 * * 3'

# Workflow-wide default: every GITHUB_TOKEN scope is read-only. A job that
# declares its own permissions block (as analyze does) replaces this default
# for that job.
permissions: read-all

jobs:
  analyze:
    # Least-privilege grant for the scan. A called reusable workflow can keep
    # or reduce these scopes, but it cannot raise them.
    permissions:
      contents: read  # read the repository code.
      security-events: write  # upload the CodeQL analysis results.
    # NOTE(review): the reusable workflow is referenced by tag. A tag can be
    # moved to another commit by anyone with write access to the upstream
    # repository, and whatever it points at runs with the permissions above
    # and receives the secrets below. Pinning to the full commit SHA that
    # v0.4.0 resolves to (keeping the version as a trailing comment) makes
    # the reference immutable and reviewable on update.
    uses: fluxcd/gha-workflows/.github/workflows/code-scan.yaml@v0.4.0
    secrets:
      # Secrets are passed by name; nothing is inherited implicitly.
      github-token: ${{ secrets.GITHUB_TOKEN }}
      fossa-token: ${{ secrets.FOSSA_TOKEN }}