aethex-forge/.github/workflows/security.yml

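# Static analysis (Semgrep) plus a dependency audit (npm audit) for the
# TypeScript/React code base. Semgrep results are pushed to the repository's
# Security tab as SARIF, so the uploading job needs `security-events: write`.
name: Security Scan

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  schedule:
    # Weekly catch-up run (Sunday 02:00 UTC) so advisories published after the
    # last push are still picked up.
    - cron: "0 2 * * 0"

# Least privilege: GITHUB_TOKEN gets read-only repo access by default; jobs
# widen this only where they actually need it.
permissions:
  contents: read

jobs:
  semgrep:
    runs-on: ubuntu-latest
    # Run inside the official Semgrep image. The `returntocorp/semgrep-action`
    # wrapper previously used here is deprecated/archived; `semgrep ci` in this
    # container is the replacement Semgrep documents for GitHub Actions.
    container:
      image: semgrep/semgrep
    # Job-level permissions replace the workflow-level block entirely, so
    # `contents: read` must be restated for checkout.
    permissions:
      contents: read
      # Required by codeql-action/upload-sarif; without it the upload fails
      # with 403 on repositories whose token defaults to read-only.
      security-events: write
    steps:
      # NOTE(review): consider pinning third-party actions to a full commit SHA
      # rather than a moving major tag to reduce tag-rewrite supply-chain risk.
      - uses: actions/checkout@v4

      - name: Run Semgrep
        # With no SEMGREP_APP_TOKEN, `semgrep ci` runs standalone using the
        # rulesets in SEMGREP_RULES and exits non-zero when it has findings.
        run: semgrep ci --sarif > semgrep.sarif
        env:
          # Space-separated list of rulesets (folded scalar -> one line).
          SEMGREP_RULES: >-
            p/security-audit
            p/typescript
            p/react

      - name: Upload SARIF file
        # codeql-action v2 is deprecated and no longer accepted by GitHub.com;
        # v3 is the supported major.
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: semgrep.sarif
        # Upload even when the Semgrep step failed because of findings, so the
        # findings still reach the Security tab.
        if: always()

  dependency-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # `npm audit` reads package-lock.json directly: no install step, so no
      # dependency lifecycle scripts execute on the runner.
      - name: Report all vulnerable production dependencies
        # Informational full report. `--omit=dev` replaces the deprecated
        # `--production` flag with the same meaning.
        run: npm audit --omit=dev
        continue-on-error: true

      - name: Fail on moderate or higher severity
        # This is the actual gate: no `continue-on-error`, so the job fails
        # when a production dependency carries a moderate+ advisory. Before,
        # both audit steps ignored failure and the job could never fail.
        run: npm audit --omit=dev --audit-level=moderate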