
feat(ci): add Arbitrum Chain Security Scanner — wolf-pack multi-chain…#195

Open
romanchaa997 wants to merge 1 commit into
safe-improvementsfrom
romanchaa997-patch-610187

Conversation

@romanchaa997
Owner

@romanchaa997 romanchaa997 commented Apr 19, 2026

… scanning


Summary by cubic

Adds an Arbitrum chain security scanner workflow that runs Slither and Foundry fork tests on a schedule and on demand, uploads SARIF to code scanning, and publishes reports and a step summary.

  • New Features
    • New workflow .github/workflows/arbitrum-scan.yml scheduled weekly (Tue 07:00 UTC) and manual (scan_depth input).
    • Installs slither-analyzer@0.10.4 and Foundry (nightly) via foundry-rs/foundry-toolchain.
    • Runs Slither on the repo (excludes node_modules,test,lib) and uploads SARIF via github/codeql-action/upload-sarif (category slither-arbitrum).
    • Runs forge test against an Arbitrum fork (test/arbitrum/**) and saves JSON results.
    • Publishes a step summary with High/Medium counts and uploads all reports as artifacts (30-day retention).
  • Migration
    • Add repo secret ARBITRUM_RPC_URL (required).
    • Add tests under test/arbitrum/** to enable fork tests (optional).

Written for commit bb3008f. Summary will update on new commits.
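As an added example that is not part of this pull request or of the repository's own workflow, the fragment below shows how the two configuration points the summary describes (a manual `scan_depth` input and the Slither path exclusion) can be written so the input is actually consumed and the exclusion is an explicit regex. The job name, the meaning given to `quick` versus `full`, the Python version, the `submodules` checkout and the "refuse empty SARIF" guard are assumptions; the Foundry fork-test job is omitted.

```yaml
name: Arbitrum Chain Security Scanner (illustrative example)

on:
  schedule:
    - cron: '0 7 * * 2'          # Tuesdays 07:00 UTC, as in the PR
  workflow_dispatch:
    inputs:
      scan_depth:
        description: 'Scan depth'
        type: choice             # constrain the value instead of free text
        options: [quick, full]
        default: full

permissions:
  contents: read
  security-events: write         # required by upload-sarif

jobs:
  slither:
    runs-on: ubuntu-latest
    env:
      # inputs.scan_depth is empty on scheduled runs; default to the deeper scan
      SCAN_DEPTH: ${{ inputs.scan_depth || 'full' }}
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive   # assumption: Foundry libs live in lib/ as submodules

      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - run: pip install slither-analyzer==0.10.4

      - name: Run Slither
        # Slither exits non-zero when it reports findings. Keep the job going so
        # the SARIF is still uploaded, but leave the step marked as failed rather
        # than hiding it behind "|| true".
        continue-on-error: true
        run: |
          set -o pipefail          # propagate slither's exit status through tee
          mkdir -p reports/arbitrum
          EXTRA=""
          if [ "$SCAN_DEPTH" = "quick" ]; then
            EXTRA="--exclude-low"  # assumed meaning of "quick"
          fi
          slither . \
            --json reports/arbitrum/slither-report.json \
            --sarif reports/arbitrum/slither.sarif \
            --filter-paths "(node_modules/|test/|lib/)" \
            --exclude-informational $EXTRA \
            2>&1 | tee reports/arbitrum/slither-output.txt

      - name: Refuse to upload an empty SARIF
        # If compilation failed or slither crashed there is nothing to upload;
        # failing here is better than a green run with no findings.
        run: test -s reports/arbitrum/slither.sarif

      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: reports/arbitrum/slither.sarif
          category: slither-arbitrum

      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: arbitrum-scan-reports
          path: reports/arbitrum/
          retention-days: 30
```

The regex form of `--filter-paths` matches Slither's own documented usage (`(mocks/|test/)`) and anchors each directory with a trailing slash, so `test/` does not also exclude a file such as `contracts/Attestation.sol` the way a bare `test` pattern would.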

… scanning

Signed-off-by: Igor <romanchaa997@gmail.com>

@vercel

vercel Bot commented Apr 19, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
app Error Error Apr 19, 2026 7:51pm

@netlify

netlify Bot commented Apr 19, 2026

Deploy Preview for audityzer failed. Why did it fail? →

Name Link
🔨 Latest commit bb3008f
🔍 Latest deploy log https://app.netlify.com/projects/audityzer/deploys/69e5324fe443ec00081a4522

@netlify

netlify Bot commented Apr 19, 2026

Deploy Preview for audityzer-security-platform failed. Why did it fail? →

Name Link
🔨 Latest commit bb3008f
🔍 Latest deploy log https://app.netlify.com/projects/audityzer-security-platform/deploys/69e5324fe5c997000813507d

Contributor

@cubic-dev-ai cubic-dev-ai Bot left a comment


2 issues found across 1 file

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/workflows/arbitrum-scan.yml">

<violation number="1" location=".github/workflows/arbitrum-scan.yml:8">
P3: `scan_depth` is declared for manual runs but never used, so changing it has no effect.</violation>

<violation number="2" location=".github/workflows/arbitrum-scan.yml:50">
P2: `--filter-paths` is configured with commas instead of regex alternation, so `test`/`lib` may not be excluded from Slither results.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

slither . \
--json reports/arbitrum/slither-report.json \
--sarif reports/arbitrum/slither.sarif \
--filter-paths "node_modules,test,lib" \
Contributor

@cubic-dev-ai cubic-dev-ai Bot Apr 19, 2026


P2: --filter-paths is configured with commas instead of regex alternation, so test/lib may not be excluded from Slither results.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/arbitrum-scan.yml, line 50:

<comment>`--filter-paths` is configured with commas instead of regex alternation, so `test`/`lib` may not be excluded from Slither results.</comment>

<file context>
@@ -0,0 +1,93 @@
+          slither . \
+            --json reports/arbitrum/slither-report.json \
+            --sarif reports/arbitrum/slither.sarif \
+            --filter-paths "node_modules,test,lib" \
+            --exclude-informational \
+            2>&1 | tee reports/arbitrum/slither-output.txt || true
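Review bot: the `--filter-paths "node_modules,test,lib"` line in this hunk spells the exclusion as a comma list, while Slither's help documents the option as a regex (e.g. `(mocks/|test/)`); writing it as `--filter-paths "(node_modules/|test/|lib/)"` is unambiguous under either reading and, by anchoring on the trailing slash, avoids a bare `test` fragment also matching unrelated paths such as `contracts/Attestation.sol`. Separately, the trailing `|| true` (combined with piping into `tee` without `set -o pipefail`) makes the step succeed even when Slither crashes or compilation fails, so an empty `slither.sarif` would be uploaded silently; prefer `continue-on-error: true` on the step, or add a `test -s reports/arbitrum/slither.sarif` check before the upload step.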
</file context>

- cron: '0 7 * * 2'
workflow_dispatch:
inputs:
scan_depth:
Contributor

@cubic-dev-ai cubic-dev-ai Bot Apr 19, 2026


P3: scan_depth is declared for manual runs but never used, so changing it has no effect.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/arbitrum-scan.yml, line 8:

<comment>`scan_depth` is declared for manual runs but never used, so changing it has no effect.</comment>

<file context>
@@ -0,0 +1,93 @@
+    - cron: '0 7 * * 2'
+  workflow_dispatch:
+    inputs:
+      scan_depth:
+        description: 'Scan depth: quick | full'
+        required: false
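Review bot: `scan_depth` is declared with a free-text description `'Scan depth: quick | full'` but no `type: choice`, no `options` and no `default`, and nothing in the hunk consumes it, so a manual run with `scan_depth: full` behaves exactly like one with `quick` (or with no value at all). Either drop the input or wire it in: declare `type: choice`, `options: [quick, full]` and `default: full`, then branch on `${{ inputs.scan_depth || 'full' }}` in the scan step (the `|| 'full'` fallback matters because `inputs.scan_depth` is empty on the `cron` trigger).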
</file context>
