Skip to content
Security Scan

Security Scan #291

Sign in to view logs

Security Scan

Security Scan #291

Workflow file for this run

.github/workflows/security.yml at f51da4d
name: Security Scan
on:
push:
branches: [ main, master, develop ]
pull_request:
branches: [ main, master, develop ]
schedule:
# Run daily at 2 AM UTC
- cron: '0 2 * * *'
workflow_dispatch:
jobs:
codeql-analysis:
name: CodeQL Security Analysis
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'javascript' ]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
queries: +security-and-quality
config: |
paths-ignore:
- public
- dist
- node_modules
- '**/*.min.js'
- '**/*.bundle.js'
- name: Autobuild
uses: github/codeql-action/autobuild@v4
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
with:
category: "/language:${{ matrix.language }}"
dependency-scan:
name: Dependency Security Scan
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '18'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run npm audit
run: npm audit --audit-level=moderate
continue-on-error: true
- name: Check for known vulnerabilities
run: npm audit --json > security-audit.json
continue-on-error: true
- name: Upload audit results
uses: actions/upload-artifact@v4
if: always()
with:
name: security-audit
path: security-audit.json
retention-days: 30
security-summary:
name: Security Summary
runs-on: ubuntu-latest
needs: [codeql-analysis, dependency-scan]
if: always()
steps:
- name: Summary
run: |
echo "## Security Scan Complete 🔒" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "✅ CodeQL Analysis: ${{ needs.codeql-analysis.result }}" >> $GITHUB_STEP_SUMMARY
echo "✅ Dependency Scan: ${{ needs.dependency-scan.result }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "View detailed results in the workflow artifacts and security tab." >> $GITHUB_STEP_SUMMARY