From 70014135c9b2a373ab67115d00a2a6af717776bb Mon Sep 17 00:00:00 2001
From: Yong Yan
Date: Wed, 23 Jun 2021 12:23:34 -0700
Subject: [PATCH] Update workflow
---
 .github/workflows/main.yml | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index e14c92e..8696459 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,9 +1,13 @@
 on: [push]
 jobs:
- sarif:
- runs-on: ubuntu-latest
+ flawfinder:
 name: Flawfinder
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
 steps:
 # To use this repository's private action,
 # you must check out the repository
@@ -13,4 +17,9 @@ jobs:
 - name: Flawfinder action step
 uses: ./ # Uses an action in the root directory
 with:
- command: '--version'
+ command: '--sarif ./ > flawfinder-results.sarif'
+
+ - name: Upload analysis results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: flawfinder-results.sarif
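Review bot: The new job-level `permissions:` block in the first hunk carries no comment saying which step needs each scope, which makes a later least-privilege review harder. A short comment above it would help, for example `# security-events: write lets upload-sarif publish results; actions/contents: read are, as far as the upload-sarif documentation goes, only needed in private repositories`. Scoping the token at job level rather than workflow level is the right shape, and the `steps:` list continues outside this hunk, so the checkout step's needs should be confirmed against it.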
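Review bot: The added upload step in the second hunk references `github/codeql-action/upload-sarif@v1` by a mutable tag while the job holds `security-events: write`; pinning to a full commit SHA, `uses: github/codeql-action/upload-sarif@<full-commit-sha>  # v1`, keeps a moved tag from running with that permission. Separately, the `command` input now embeds a shell redirection (`> flawfinder-results.sarif`), which only creates the file if the local action's entrypoint evaluates the input through a shell. That entrypoint is not visible in this patch, so it is worth confirming. If it is passed as plain arguments instead, the upload step would find no file at `sarif_file`.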