leetcode-py/.github/workflows/security.yml at main · wislertt/leetcode-py · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
name: security
on:
    push:
    workflow_dispatch:
    schedule:
        - cron: "0 4 * * *" # run once a day at 4 AM

jobs:
    trivy-scan:
        runs-on: ubuntu-latest

        steps:
            - name: Checkout repository
              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

            - name: Run Trivy dependency scan
              uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
              with:
                  scan-type: fs
                  format: table
                  exit-code: "1"
                  vuln-type: "os,library"

    gitleaks:
        name: gitleaks
        runs-on: ubuntu-latest

        steps:
            - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
              with:
                  fetch-depth: 0

            - uses: gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}