Skip to content

Commit a464c00

Browse files
action-security-code-scanner[bot]MetaMask Security Botmikesposito
authored
chore: add MetaMask Security Code Scanner workflow (#6)
This PR adds the MetaMask Security Code Scanner workflow to enable automated security scanning of the codebase. The scanner will run on: - Push to main branch - Pull requests to main branch - Manual workflow dispatch To configure the scanner for your repository's specific needs, please review the workflow file and adjust as necessary. Co-authored-by: MetaMask Security Bot <security-bot@metamask.io> Co-authored-by: Michele Esposito <34438276+mikesposito@users.noreply.github.com>
1 parent 4c138bc commit a464c00

1 file changed

Lines changed: 51 additions & 0 deletions

File tree

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
name: MetaMask Security Code Scanner
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
pull_request:
8+
branches:
9+
- main
10+
workflow_call:
11+
secrets:
12+
SECURITY_SCAN_METRICS_TOKEN:
13+
required: false
14+
APPSEC_BOT_SLACK_WEBHOOK:
15+
required: false
16+
workflow_dispatch:
17+
18+
jobs:
19+
security-scan:
20+
uses: MetaMask/action-security-code-scanner/.github/workflows/security-scan.yml@v2
21+
permissions:
22+
actions: read
23+
contents: read
24+
security-events: write
25+
with:
26+
repo: ${{ github.repository }}
27+
scanner-ref: 'v2'
28+
paths-ignored: |
29+
node_modules
30+
**/node_modules/**
31+
**/__snapshots__/**
32+
__snapshots_linux__
33+
**/__stories__/**
34+
.storybook/
35+
**/*.test.ts
36+
**/*.test.tsx
37+
**/*.test.js
38+
**/*.test.jsx
39+
**/*.spec.ts
40+
**/*.spec.tsx
41+
**/*.spec.js
42+
**/*.spec.jsx
43+
**/test*/**
44+
**/e2e/**
45+
**/tests/**
46+
languages-config: |
47+
[
48+
]
49+
secrets:
50+
project-metrics-token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
51+
slack-webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}

0 commit comments

Comments
 (0)