
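---
name: Security Audit

on:
  push:
    branches:
      - master
      - main
  pull_request:
    branches:
      - master
      - main
  schedule:
    # Run weekly on Monday at 00:00 UTC
    - cron: '0 0 * * 1'

# Least-privilege token: every step only reads the repository (checkout,
# npm ci, audit), so the default GITHUB_TOKEN needs no write scopes.
permissions:
  contents: read

jobs:
  security-audit:
    name: Security and License Compliance
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      # Findings are reported but never fail the job (the fallback exits 0),
      # so this step is informational only. To use it as a merge gate, drop
      # the `exit 0` or add a separate blocking step.
      - name: Run npm audit
        run: |
          echo "🔍 Running npm security audit..."
          npm audit --audit-level=moderate || {
            echo "⚠️ Security audit found issues"
            echo "Run 'npm audit' locally for details"
            # Don't fail the build for audit warnings, but report them
            exit 0
          }
          echo "✅ Security audit passed"

      - name: Check license compliance
        run: |
          echo "📋 Checking license compliance..."
          # Install only when the tool is missing. The previous check was
          # inverted (it installed only when already present) and then
          # repeated the whole summary logic in an else branch.
          # NOTE(review): unpinned global install pulls whatever version is
          # currently published; pin a version or add the tool to
          # devDependencies so `npm ci` provides it from the lockfile.
          if ! command -v license-checker &> /dev/null; then
            echo "ℹ️ license-checker not available - installing..."
            npm install -g license-checker
          fi
          license-checker --summary || {
            echo "⚠️ License compliance check found issues"
            echo "Run 'npm run security:licenses' locally for details"
            exit 0
          }
          echo "✅ License compliance check passed"

      - name: Dependency vulnerability summary
        run: |
          echo "📊 Generating dependency vulnerability summary..."
          # The redirect creates the file even when `npm audit` exits
          # non-zero, so the existence check only guards a failed redirect.
          npm audit --json > audit-report.json || true
          if [ -f audit-report.json ]; then
            echo "Audit report generated (non-blocking)"
          fi

      # Keep the JSON report after the job ends; without this it is discarded
      # with the runner. `always()` still uploads when an earlier step failed,
      # and a missing file (e.g. `npm ci` failed first) is not an error.
      - name: Upload audit report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: npm-audit-report
          path: audit-report.json
          if-no-files-found: ignore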