Fix security scan workflow
Some checks failed
Lint & Format / detect (push) Failing after 43s
Lint & Format / js-lint (push) Has been skipped
Lint & Format / py-lint (push) Has been skipped
Lint & Format / sh-lint (push) Has been skipped
Lint & Format / go-lint (push) Has been skipped
Security Scan / scan (push) Failing after 39s
Some checks failed
Lint & Format / detect (push) Failing after 43s
Lint & Format / js-lint (push) Has been skipped
Lint & Format / py-lint (push) Has been skipped
Lint & Format / sh-lint (push) Has been skipped
Lint & Format / go-lint (push) Has been skipped
Security Scan / scan (push) Failing after 39s
This commit is contained in:
@@ -0,0 +1,38 @@
|
|||||||
|
name: Security Scan
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [main]
|
||||||
|
schedule:
|
||||||
|
- cron: '0 6 * * 1'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
scan:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Scan for secrets
|
||||||
|
run: |
|
||||||
|
echo "Scanning for potential secrets..."
|
||||||
|
FOUND=0
|
||||||
|
grep -rn 'AKIA\|ghp_\|gho_\|sk_live\|sk_test' \
|
||||||
|
--include='*.js' --include='*.py' --include='*.env' --include='*.sh' \
|
||||||
|
--exclude-dir=node_modules --exclude-dir=.git . && FOUND=1 || true
|
||||||
|
if [ "$FOUND" = "1" ]; then
|
||||||
|
echo "::warning::Potential secrets detected — review above matches"
|
||||||
|
else
|
||||||
|
echo "No secrets detected"
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Check npm dependencies
|
||||||
|
if: hashFiles('package.json') != ''
|
||||||
|
run: |
|
||||||
|
npm install --ignore-scripts 2>/dev/null
|
||||||
|
npm audit --audit-level=high || true
|
||||||
|
|
||||||
|
- name: Check Python dependencies
|
||||||
|
if: hashFiles('requirements.txt') != ''
|
||||||
|
run: |
|
||||||
|
pip install safety 2>/dev/null
|
||||||
|
safety check -r requirements.txt || true
|
||||||
|
|||||||
Reference in New Issue
Block a user