Skip to content

gemini/security-workflows-public

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
.github/workflows
.github/workflows
 
 
README.md
README.md
 
 

Repository files navigation

security-workflows-public

Public AppSec tooling from Gemini's security engineering team, adapted for use in open source projects.

What's Here

This repository contains security workflows, scanners, and automation tools for securing Gemini's open source projects.

Workflows

Semgrep OSS

.github/workflows/semgrep.yml

Runs Semgrep static analysis on pull requests and on a weekly schedule. Uses community rulesets (p/default, p/security-audit, p/owasp-top-ten) with no Semgrep account or token required. Findings are uploaded to GitHub Code Scanning.

Scan for Secrets

.github/workflows/scan-for-secrets.yml

Scans pull requests for verified secrets using TruffleHog. Only reports verified findings to minimize noise. No token or license required.

Contributing

This repository is maintained by Gemini's AppSec team. External contributions and feedback are welcome via GitHub Issues.

License

See LICENSE for details.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors