Patryk-Kuchta/Portfolio
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bf8cd6f903d6be2aa9ec1e6fea205835de3d8e9c
Portfolio/.github/workflows/security-audit.yml
KuchtaVR6 674a8b00e2 fix: pipelines
2026-02-22 17:52:12 +00:00

74 lines
1.7 KiB
YAML
Raw Blame History

name: Security Audit
on:
push:
branches:
- main
- master
- develop
pull_request:
branches:
- main
- master
- develop
schedule:
- cron: '0 0 * * 1'
jobs:
security-audit:
name: Security Vulnerability Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '18'
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10
- name: Get pnpm store directory
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
- name: Setup pnpm cache
uses: actions/cache@v4
with:
path: ${{ env.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Run pnpm audit
run: pnpm audit --audit-level=moderate
continue-on-error: true
- name: Generate security report
run: pnpm run security:check
- name: Check for outdated dependencies
run: pnpm outdated || true
- name: Upload security report
uses: actions/upload-artifact@v4
if: always()
with:
name: security-report
path: security-report.json
retention-days: 30
- name: Notify on high/critical vulnerabilities
if: failure()
run: |
echo "::error::Security vulnerabilities detected! Check the security report artifact for details."
Reference in New Issue View Git Blame Copy Permalink