finicky9298/quixotic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3fb0d4322166fcee9a65c2cfad791ca44f1ba8c8
quixotic/.github/workflows/security.yml
Andrey Kondratev 3fb0d43221 sec fixes
2025-08-29 10:21:18 +05:00

63 lines
1.3 KiB
YAML
Raw Blame History

name: Security Scan
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
schedule:
- cron: '0 6 * * 1' # Weekly on Monday at 6 AM
jobs:
security:
name: Security Vulnerability Scan
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '18'
cache: 'yarn'
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Run yarn audit
run: yarn audit --level high
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: javascript
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
docker-security:
name: Docker Security Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build Docker image for scanning
run: docker build -t quixotic:scan .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'quixotic:scan'
format: 'sarif'
output: 'trivy-results.sarif'
Reference in New Issue View Git Blame Copy Permalink