-
Notifications
You must be signed in to change notification settings - Fork 5.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add new issue template for Code Scanning partners
- Loading branch information
Showing
1 changed file
with
30 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
--- | ||
name: Code Scanning onboarding | ||
about: Captures all the information and tasks required to onboard a 3rd party project into Code Scanning | ||
title: 'Code Scanning Partner: ' | ||
labels: 'code scanning' | ||
assignees: '' | ||
|
||
--- | ||
|
||
:wave: Thanks for your interest in integrating with Code Scanning! To ensure a swift onboarding of your integration, please provide the following `Requested information` and complete the `Action items` below: | ||
|
||
## Requested information | ||
- [ ] Name of your integration: | ||
- [ ] Name of your product / company: | ||
- [ ] Description of your integration: | ||
- [ ] Languages supported by your integration: | ||
- [ ] [For integrations leveraging GitHub Actions] PR for your proposed workflow: | ||
- [ ] URL to an SVG logo representing your integration / product / company: | ||
|
||
## Action items | ||
- [ ] Apply to join the GitHub Technology Partner Program: [partner.github.com/apply](https://partner.github.com/apply?partnershipType=Technology+Partner) | ||
- [ ] Develop your integration, by _either_ [following this guide for GitHub Actions](https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions), or [integrating directly with the REST API](https://docs.github.com/en/rest/reference/code-scanning#upload-a-sarif-file) | ||
- [ ] [For integrations leveraging GitHub Actions] Submit a PR in this repo for your proposed starter workflow. The workflow should: | ||
- [ ] Live in [the `code-scanning` directory](https://github.com/actions/starter-workflows/tree/main/code-scanning) | ||
- [ ] Have a filename that is in accordance with your product / service / business name, in [_kebab-cased_ format](https://en.wikipedia.org/wiki/Kebab_case), with a `.yml` file extension | ||
- [ ] Include comments describing the workflow’s behavior ([example](https://github.com/actions/starter-workflows/blob/c59b62dee0eae1f9f368b7011cf05c2fc42cf084/code-scanning/codeql.yml#L1-L11)) | ||
- [ ] Trigger on push, pull_request, and schedule events ([example](https://github.com/actions/starter-workflows/blob/c59b62dee0eae1f9f368b7011cf05c2fc42cf084/code-scanning/codeql.yml#L14-L21)) | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
swinton
Author
Contributor
|
||
- [ ] Reference your GitHub Action using a 40-char commit SHA (e.g. `uses: github/codeql-action@a3a8231e64d3db0e7da0f3b56b9521dcccdfe412`) | ||
- [ ] Update the `Requested information` above, ensuring all details are correct | ||
- [ ] When ready, please ping `@actions/advanced-security-code-scanning` in a comment below, for a review :bow: |
1 comment
on commit 8da6f2e
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
learning
@swinton I think we probably want to specify that they should basically copy/paste the triggers section from the template CodeQL workflow, as those represent best practice/user experience.