name: Psalm Static Analyzer on: push: branches: [ "main" ] pull_request: branches: [ "main" ] permissions: contents: read jobs: Psalm: name: Psalm Scanner runs-on: ubuntu-latest permissions: contents: read security-events: write actions: read steps: - name: Checkout Source Code uses: actions/checkout@v4 - name: Run Psalm uses: docker://ghcr.io/psalm/psalm-github-actions with: security_analysis: true report_file: psalm-results.sarif - name: Upload Analysis Results uses: github/codeql-action/upload-sarif@v3 with: sarif_file: psalm-results.sarif wait-for-processing: true