---
name: Flawfinder Scan

on:
  push:
    branches: [master, develop]
    paths-ignore:
      - "**.md"
      - "version.properties"

jobs:
  flawfinder:
    runs-on: ubuntu-latest
    name: Flawfinder

    steps:
      # step 1
      - name: clone application source code
        uses: actions/checkout@v4

      # step 2
      - name: flawfinder_scan
        uses: david-a-wheeler/flawfinder@2.0.19
        with:
          arguments: "--sarif ./"
          output: "flawfinder_report.sarif"

      # step 3
      - name: save report as pipeline artifact
        uses: actions/upload-artifact@v4
        with:
          name: flawfinder_report.sarif
          overwrite: true
          path: flawfinder_report.sarif

      # step 4
      - name: publish code scanning alerts
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: flawfinder_report.sarif
          category: flawfinder