.github/workflows/osv-scanner.yml

name: OSV Scanner

on: push
  # schedule:
  #   - cron: '0 0 1 * *'

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
    
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
          
      - name: Scan for vulnerabilities
        id: osv_scan
        uses: docker://ghcr.io/google/osv-scanner:latest
        with:
          args: --format markdown -r .
          filename: ./VULNERABILITY.md
        continue-on-error: true
      
      - name: Save scan output to file
        run: |
          ls -a
          echo "${{ steps.osv_scan.outputs.stderr }}" | grep -vE '^((Scanning|Scanned).*)$' > VULNERABILITY.md
      
      - name: Create Pull Request
        id: cpr
        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          committer: GitHub <noreply@github.com>
          author: ${{ github.actor }} <${{ github.actor }}@gmail.com>
          signoff: true
          title: Add vulnerability report
          commit-message: Add vulnerability report
          body: |
            Update *Vulnerablity* report
          delete-branch: true
          labels: enhancement
          assignees: Kshitiz-Mhto
          reviewers: Kshitiz-Mhto
          draft: false

           