Skip to content

Commit 686ea44

Browse files
committed
feat: add GitHub Actions workflow for security checks
- Introduced a new workflow in `.github/workflows/security.yml` to automate security checks on push and pull request events for the `develop` and `main` branches. - The workflow includes steps for checking out the repository, setting up Node.js, installing dependencies, running an NPM audit, and scanning the git history for secrets using Trufflehog.
1 parent d10c5c4 commit 686ea44

1 file changed

Lines changed: 38 additions & 0 deletions

File tree

.github/workflows/security.yml

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
name: Security checks
2+
3+
on:
4+
push:
5+
branches:
6+
- develop
7+
- main
8+
pull_request:
9+
branches:
10+
- develop
11+
- main
12+
13+
jobs:
14+
audit-and-secret-scan:
15+
runs-on: ubuntu-latest
16+
17+
steps:
18+
- name: Checkout repository
19+
uses: actions/checkout@v4
20+
with:
21+
fetch-depth: 0
22+
23+
- name: Set up Node.js
24+
uses: actions/setup-node@v4
25+
with:
26+
node-version: 22.13.0
27+
cache: npm
28+
29+
- name: Install dependencies
30+
run: npm ci
31+
32+
- name: NPM audit (moderate)
33+
run: npm audit --audit-level=moderate
34+
35+
- name: Trufflehog git history scan
36+
run: npx trufflehog@latest git --repo-path . --entropy False --json --rules none
37+
env:
38+
TRUFFLEHOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

0 commit comments

Comments
 (0)