twyn/.github/workflows/security.yml at 3d8a6b6b3f32fcf8c05efebc17b91096686609ce · elementsinteractive/twyn · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# This workflow will run some security checks against our project

name: Security

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]

jobs:
  osv-scanner:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/google/osv-scanner:v1.9.2
    steps:
      - uses: actions/checkout@v4
      - name: Run OSV Scanner
        run: |
          /osv-scanner --skip-git --format table -r .
  semgrep:
    runs-on: ubuntu-latest
    container:
      image: returntocorp/semgrep:latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Semgrep
        run: |
          semgrep scan --config auto
  twyn:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: "3.13"
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install poetry
          poetry install --only main
      - name: Run Twyn against our dependencies
        run: |
          poetry run twyn --version
          poetry run twyn run -vv