name: "CodeQL"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: '38 11 * * 3'

permissions: {}

jobs:
  analyze:
    name: Analyze
    uses: anchore/workflows/.github/workflows/codeql.yaml@15122524ced7906bfa9685eeae12e22647773ea6 # v0.6.0
    permissions:
      security-events: write
      packages: read
      actions: read
      contents: read