From c24e5a78b1c4612da00303564e8231d7a64971ae Mon Sep 17 00:00:00 2001
From: Divyanshu Agrawal <diagrawa@redhat.com>
Date: Thu, 10 Mar 2022 18:54:18 +0530
Subject: [PATCH] Add CRDA scan workflow (#63)

Signed-off-by: divyansh42 <diagrawa@redhat.com>
---
 .github/workflows/security_scan.yml | 35 +++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 .github/workflows/security_scan.yml

diff --git a/.github/workflows/security_scan.yml b/.github/workflows/security_scan.yml
new file mode 100644
index 0000000..149f440
--- /dev/null
+++ b/.github/workflows/security_scan.yml
@@ -0,0 +1,35 @@
+name: Vulnerability Scan with CRDA
+on:
+  push:
+  workflow_dispatch:
+  pull_request_target:
+    types: [ assigned, opened, synchronize, reopened, labeled, edited ]
+  schedule:
+    - cron: '0 0 * * *'  # every day at midnight
+
+jobs:
+  crda-scan:
+    runs-on: ubuntu-20.04
+    name: Scan project vulnerability with CRDA
+    steps:
+
+      - uses: actions/checkout@v2
+
+      - name: Setup Node
+        uses: actions/setup-node@v2
+        with:
+          node-version: '14'
+
+      - name: Install CRDA
+        uses: redhat-actions/openshift-tools-installer@v1
+        with:
+          source: github
+          github_pat: ${{ github.token }}
+          crda: "latest"
+
+      - name: CRDA Scan
+        id: scan
+        uses: redhat-actions/crda@v1
+        with:
+          crda_key: ${{ secrets.CRDA_KEY }}
+          fail_on: never
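Review bot: The `pull_request_target` trigger in the `on:` block runs this job in the base repository's context, so `secrets.CRDA_KEY` and a `github.token` with the repository's default scopes are available even for pull requests from forks, and the workflow has no `permissions:` block to narrow that token. Under this trigger `actions/checkout@v2` checks out the base ref by default, so either the PR's changes are not what gets scanned, or (if `redhat-actions/crda` fetches the PR head and installs dependencies itself, which is not visible here) untrusted install scripts would run in a job that holds the secret. I would add a top-level `permissions:` with `contents: read` plus only the scopes the scan step is documented to need, and confirm how the action gates fork PRs before keeping this trigger. The actions are also referenced by mutable tags (`@v2`, `@v1`) and the tool by `crda: "latest"`; pinning each `uses:` to a full commit SHA (`uses: actions/checkout@<full-commit-sha>`) and the tool to a fixed version keeps the job that handles the secret reproducible.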