# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      # Upload the results to GitHub's code scanning dashboard.

        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
        uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.11.6
        with:

services.aero setagaya.tokyo.jp seto.aichi.jp setouchi.okayama.jp settlement.museum settlers.museum settsu.osaka.jp sevastopol.ua seven sew sex sex.hu sex.pl sexy sf.no sfr sg sg-1.paas.massivegrid.net sh sh.cn shacknet.nu shakotan.hokkaido.jp shangrila shari.hokkaido.jp sharp shaw shell shell.museum sherbrooke.museum shia shibata.miyagi.jp shibata.niigata.jp shibecha.hokkaido.jp shibetsu.hokkaido.jp shibukawa.gunma.jp shibuya.tokyo.jp shichikashuku.miyagi.jp shichinohe.aomori.jp shiftcrypto.dev shiftcrypto.io...

name: OSV-Scanner Scheduled Scan

on:
  schedule:
    - cron: 0 4 * * 1

permissions:
  # Require writing security events to upload SARIF file to security tab
  security-events: write
  # Only need to read contents
  contents: read

jobs:
  scan-scheduled:
    if: github.repository == 'tensorflow/tensorflow'

    permissions:
      actions: read  # for github/codeql-action/init to get workflow details
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/analyze to upload SARIF results
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:
        # Override automatic language detection by changing the below list