This repository was archived by the owner on Jul 23, 2025. It is now read-only.
2 files changed: +41 -0 lines changed
1+ name : Security checks
2+
3+ on :
4+ workflow_call :
5+
6+ jobs :
7+ trivy :
8+ name : Trivy scan
9+ runs-on : ubuntu-latest
10+ steps :
11+ - name : Checkout repository
12+ uses : actions/checkout@v4
13+
14+ - name : Scan repo
15+ uses : aquasecurity/trivy-action@0.29.0
16+ with :
17+ scan-type : ' fs'
18+ scan-ref : ' .'
19+ scanners : ' vuln,secret,config'
20+ exit-code : ' 1'
21+ ignore-unfixed : ' true'
22+ severity : ' MEDIUM,HIGH,CRITICAL'
23+
24+ npm-audit :
25+ name : NPM audit
26+ runs-on : ubuntu-latest
27+ steps :
28+ - name : Checkout repository
29+ uses : actions/checkout@v4
30+
31+ - name : Set up Node.js
32+ uses : actions/setup-node@v4
33+ with :
34+ node-version : ' 22'
35+
36+ - name : Run npm audit
37+ run : npm audit --omit=dev --audit-level=moderate
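Review bot: The `uses:` references at lines 12, 15, 29 and 32 of the new file point at mutable tags (`actions/checkout@v4`, `aquasecurity/trivy-action@0.29.0`, `actions/setup-node@v4`), so the code executed by this security job can change without any change in this repository. Pin each one to a full commit SHA and keep the version as a trailing comment, starting with the third-party Trivy action. Two smaller points: neither job pushes anything, so both checkout steps can set `persist-credentials: false`; and with `ignore-unfixed: 'true'` the Trivy job passes while unfixed MEDIUM+ vulnerabilities are present, which deserves a comment in the file so the green check is not read as "no known vulnerabilities".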
@@ -7,6 +7,10 @@ permissions:
77 contents : read
88
99jobs :
10+ security :
11+ name : Security checks
12+ uses : ./.github/workflows/_security-checks.yaml
13+
1014 static-checks :
1115 name : Static checks
1216 uses : ./.github/workflows/_static-checks.yaml
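Review bot: The new `security` job at lines 10-12 sits beside `static-checks` with no `needs:` relationship in the visible lines, so a failing Trivy or npm audit run does not stop any other job in this workflow; it blocks a merge only if the check is marked as required in branch protection. If a later job here builds or publishes, give it `needs: security`, and add the new check to the required status checks. The caller's `permissions: contents: read` is the ceiling for the called workflow and is enough for both scans, so no extra permissions are needed on this job.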