Skip to content

Dependency Audits

Dependency Audits #2

Workflow file for this run

name: Dependency Audits
on:
workflow_call:
schedule:
# Fire every Monday at 04:00 UTC
- cron: "0 4 * * 1"
workflow_dispatch:
# Trigger on pushes to any branch except main, because main pushes already trigger
# the Publish Images workflow, which we monitor via the workflow_call event above.
push:
branches-ignore:
- main
pull_request:
# Don't grant any access by default
permissions: {}
jobs:
audit:
name: Dependency Audits
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}-${{ github.event_name }}-audit-${{ matrix.package-ecosystems.target }}
cancel-in-progress: true
permissions:
contents: read
issues: write
strategy:
fail-fast: false
# Run on the standard image only, assuming that it contains all the packages of the slim version
matrix:
package-ecosystems:
- name: composer
target: composer-audit
- name: npm
target: npm-audit
- name: pip
target: pip-audit
- name: trivy
target: trivy
timeout-minutes: 120
env:
CONTAINER_IMAGE_TARGET: standard
STAGES_BUILD_CACHE_CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:latest"
steps:
- name: Checkout Code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
- name: Run Audits (${{ matrix.package-ecosystems.name }})
run: make ${{ matrix.package-ecosystems.target }}