# Run Flawfinder on every push and publish its SARIF report to the
# repository's code-scanning results.
on: [push]

jobs:
  flawfinder:
    name: Flawfinder
    runs-on: ubuntu-latest
    # Job token scope: read-only for actions and contents; write is granted
    # only for security-events, which the SARIF upload step uses.
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      # The repository must be checked out before its own (private) action
      # can be used.
      # NOTE(review): this action is referenced by a mutable tag; pinning to a
      # full commit SHA keeps a moved tag from changing what runs here.
      - name: Checkout
        uses: actions/checkout@v2

      # `./` selects the action defined in the repository root.
      # NOTE(review): the redirect in `command` presumably relies on the
      # action's entrypoint passing the string through a shell - confirm
      # against the action's entrypoint.
      - name: Flawfinder action step
        uses: ./
        with:
          command: '--sarif ./ > flawfinder-results.sarif'

      # NOTE(review): with the default step condition this upload is skipped
      # when the scan step fails, so no results would reach the Security tab
      # in that case - confirm this is intended.
      # NOTE(review): also referenced by a mutable tag; consider pinning to a
      # full commit SHA.
      - name: Upload analysis results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: ./flawfinder-results.sarif