Skip to content

Commit 1f31eed

Browse files
committed
feat: add GitHub workflows for OpenSSF Scorecard and Security Audit
1 parent e0d4c1c commit 1f31eed

3 files changed

Lines changed: 78 additions & 2 deletions

File tree

.github/workflows/scorecard.yml

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
name: OpenSSF Scorecard
2+
3+
on:
4+
push:
5+
branches: [main]
6+
schedule:
7+
# Run every Monday at 08:30 UTC
8+
- cron: "30 8 * * 1"
9+
workflow_dispatch:
10+
11+
permissions: read-all
12+
13+
jobs:
14+
scorecard:
15+
name: Scorecard Analysis
16+
runs-on: ubuntu-latest
17+
permissions:
18+
security-events: write
19+
id-token: write
20+
contents: read
21+
actions: read
22+
23+
steps:
24+
- name: Checkout
25+
uses: actions/checkout@v4
26+
with:
27+
persist-credentials: false
28+
29+
- name: Run Scorecard
30+
uses: ossf/scorecard-action@v2.4.0
31+
with:
32+
results_file: scorecard-results.sarif
33+
results_format: sarif
34+
publish_results: true
35+
36+
- name: Upload SARIF results
37+
uses: github/codeql-action/upload-sarif@v3
38+
with:
39+
sarif_file: scorecard-results.sarif
40+
category: scorecard

.github/workflows/security.yml

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
name: Security Audit
2+
3+
on:
4+
push:
5+
branches: [main]
6+
pull_request:
7+
branches: [main]
8+
schedule:
9+
# Run every Monday at 08:00 UTC
10+
- cron: "0 8 * * 1"
11+
workflow_dispatch:
12+
13+
permissions:
14+
contents: read
15+
16+
jobs:
17+
audit:
18+
name: Dependency Audit
19+
runs-on: ubuntu-latest
20+
steps:
21+
- name: Checkout
22+
uses: actions/checkout@v4
23+
24+
- name: Setup Vite+
25+
uses: voidzero-dev/setup-vp@v1
26+
with:
27+
node-version: "25"
28+
cache: true
29+
run-install: true
30+
31+
- name: Run dependency audit
32+
run: vp pm audit --audit-level=high

README.md

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,10 +10,14 @@
1010
<p><strong>Try it here →</strong> <a href="http://bytepdf.app/">bytepdf.app</a></p>
1111

1212
<p>
13-
<img src="https://img.shields.io/github/actions/workflow/status/sumitsahoo/bytepdf/deploy.yml" alt="Build status" />
14-
<img src="https://img.shields.io/github/deployments/sumitsahoo/bytepdf/github-pages" alt="Deployment" />
13+
<img src="https://img.shields.io/github/actions/workflow/status/sumitsahoo/bytepdf/deploy.yml?label=build" alt="Build status" />
14+
<img src="https://img.shields.io/github/deployments/sumitsahoo/bytepdf/github-pages?label=deploy" alt="Deployment" />
1515
<a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="MIT License" /></a>
1616
</p>
17+
<p>
18+
<img src="https://img.shields.io/github/actions/workflow/status/sumitsahoo/bytepdf/security.yml?label=security%20audit" alt="Security audit" />
19+
<a href="https://securityscorecards.dev/viewer/?uri=github.com/sumitsahoo/bytepdf"><img src="https://api.securityscorecards.dev/projects/github.com/sumitsahoo/bytepdf/badge" alt="OpenSSF Scorecard" /></a>
20+
</p>
1721

1822
</div>
1923

0 commit comments

Comments
 (0)