OJ-48980 Add User-Agent Header to MCP (#12) #37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Endor Labs Dependency Scan | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| workflow_dispatch: {} | |
| jobs: | |
| scan: | |
| permissions: | |
| contents: read # Used to check out a private repository | |
| id-token: write # Used for keyless authentication with Endor Labs | |
| issues: write # Required to automatically comment on PRs for new policy violations | |
| pull-requests: write # Required to automatically comment on PRs for new policy violations | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v3 | |
| - name: Install pre-reqs | |
| run: | | |
| pip install --user uv | |
| uv venv | |
| source .venv/bin/activate | |
| uv pip install . | |
| - name: Endor Labs Scan Pull Request | |
| if: github.event_name == 'pull_request' | |
| uses: endorlabs/github-action@v1.1.7 | |
| with: | |
| namespace: "jellyfish" # Replace with your Endor Labs tenant namespace | |
| scan_dependencies: true | |
| scan_secrets: false | |
| pr: true | |
| pr_baseline: "main" | |
| github_token: ${{ secrets.GITHUB_TOKEN }} # Required for PR comments on new policy violations | |
| additional_args: "--exit-on-policy-warning" | |
| - name: Endor Labs Scan Push to main | |
| if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }} | |
| uses: endorlabs/github-action@v1.1.7 | |
| with: | |
| namespace: "jellyfish" # Replace with your Endor Labs tenant namespace | |
| scan_dependencies: true | |
| scan_secrets: false | |
| pr: false |