feat: Implement server-side code execution via API and integrate with… #93

Workflow file for this run

.github/workflows/security.yml at 7e8fe83

	# ==============================================================================
	# Security Pipeline - Dependency Review & CodeQL
	# Runs on pull requests and weekly schedule
	# ==============================================================================

	name: Security

	on:
	pull_request:
	branches: [main, develop]
	push:
	branches: [main, develop]
	schedule:
	# Run weekly on Sundays at 00:00 UTC
	- cron: '0 0 * * 0'
	workflow_dispatch:

	permissions:
	contents: read
	security-events: write
	actions: read

	jobs:
	# ===========================================================================
	# Dependency Review (on PRs only)
	# ===========================================================================
	dependency-review:
	name: Dependency Review
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request'
	steps:
	- name: Checkout code
	uses: actions/checkout@v6

	- name: Dependency Review
	uses: actions/dependency-review-action@v4
	with:
	fail-on-severity: high
	deny-licenses: GPL-3.0, AGPL-3.0

	# ===========================================================================
	# CodeQL Analysis
	# NOTE: Requires GitHub Advanced Security for private repos
	# Enable in: Settings → Security → Code security and analysis
	# To enable for private repo: Set repository variable ENABLE_CODEQL=true
	# ===========================================================================
	codeql:
	name: CodeQL Analysis
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	language: [javascript-typescript]
	steps:
	- name: Checkout code
	uses: actions/checkout@v6

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v4
	with:
	languages: ${{ matrix.language }}
	queries: +security-and-quality

	- name: Autobuild
	uses: github/codeql-action/autobuild@v4

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v4
	with:
	category: '/language:${{ matrix.language }}'

	# ===========================================================================
	# npm Audit
	# ===========================================================================
	npm-audit:
	name: npm Audit
	runs-on: ubuntu-latest
	strategy:
	matrix:
	project: [backend, frontend]
	steps:
	- name: Checkout code
	uses: actions/checkout@v6

	- name: Setup Node.js
	uses: actions/setup-node@v6
	with:
	node-version: 24

	- name: Setup pnpm
	uses: pnpm/action-setup@v4
	with:
	version: 10.27.0

	- name: Audit ${{ matrix.project }}
	working-directory: ${{ matrix.project }}
	run: pnpm audit --audit-level=high
	continue-on-error: true

	# ===========================================================================
	# Security Summary
	# ===========================================================================
	security-summary:
	name: Security Summary
	runs-on: ubuntu-latest
	needs: [codeql, npm-audit]
	if: always()
	steps:
	- name: Summary
	run: \|
	echo "## 🔒 Security Scan Summary" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "\| Check \| Status \|" >> $GITHUB_STEP_SUMMARY
	echo "\|-------\|--------\|" >> $GITHUB_STEP_SUMMARY
	echo "\| CodeQL \| ${{ needs.codeql.result == 'success' && '✅ Passed' \|\| '⚠️ Check Results' }} \|" >> $GITHUB_STEP_SUMMARY
	echo "\| npm Audit \| ${{ needs.npm-audit.result == 'success' && '✅ Passed' \|\| '⚠️ Check Results' }} \|" >> $GITHUB_STEP_SUMMARY

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Implement server-side code execution via API and integrate with… #93

Workflow file

feat: Implement server-side code execution via API and integrate with… #93

Uh oh!

Workflow file for this run