on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: '45 9 * * 0'
  push:
    branches: [ "master" ]

enabled: false runAsUser: 1000 runAsGroup: 1000 resources: requests: memory: 128Mi # Command to run after the main command on exit exitCommand: "" ## List of users to be created after minio install ## users: ## Username, password and policy to be assigned to the user ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics] ## Add new policies as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management.html#access-management ## NOTE:...

name: "Code scanning - action"

on:
  push:
    branches: [ main, master, release ]
  schedule:
    - cron: '0 5 * * *'

permissions:
  contents: read

jobs:
  CodeQL-Build:

    permissions:
      actions: read  # for github/codeql-action/init to get workflow details
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/analyze to upload SARIF results

    requests:
      memory: 128Mi
  # Command to run after the main command on exit
  exitCommand: ""

## List of users to be created after minio install
##
users:
  ## Username, password and policy to be assigned to the user
  ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics]

          - pkg: slices
            desc: "do not use slices; use istio.io/istio/pkg/slices instead"
      DenyOperatorAndIstioctl:
        files:
          # Tests can do anything
          - "!$test"
          # Main code should only be used by appropriate binaries
          - "!**/operator/**"
          - "!**/istioctl/**"
          - "!**/tools/bug-report/**"