From a911c98f502f9ac3558f84a5eef37b78d7d5974d Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Mon, 16 Jun 2025 10:20:09 +1200 Subject: [PATCH] ci: run `osv-detector` --- .github/workflows/ci.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 74c54604..ae1be5d1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,6 +14,17 @@ concurrency: permissions: {} jobs: + audit: + permissions: + contents: read # to fetch code (actions/checkout) + runs-on: ubuntu-latest + timeout-minutes: 15 + steps: + - uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Audit dependencies for security vulnerabilities + uses: g-rath/check-with-osv-detector@0e8c0f954d8618a3a4671eca1918b30b2d085af3 # v0.2.0 ruff: permissions: contents: read # to fetch code (actions/checkout)