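# Security workflow: scans the Rust dependency tree with cargo-audit and
# cargo-deny on pushes, pull requests and a weekly schedule.
#
# NOTE(review): every `uses:` below references a mutable tag or branch
# (`@v5`, `@v4`, `@stable`). Pinning each action to a full commit SHA keeps a
# moved tag from changing what runs here; for dtolnay/rust-toolchain the
# channel would then be selected with its `toolchain` input.
name: Security

on:
  push:
    branches: [main, master, develop]
  pull_request:
    branches: [main, master, develop]
  schedule:
    # Run security audit weekly on Sundays at 6 AM UTC
    - cron: '0 6 * * 0'

# Least privilege: both jobs only read the repository, so the GITHUB_TOKEN is
# limited to read-only contents instead of inheriting the repository default.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always

jobs:
  security-audit:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
        with:
          # Later steps build and run third-party crates; do not leave the
          # token in .git/config where that code could read it.
          persist-credentials: false

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable

      - name: Cache cargo dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
          key: audit-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}

      # --locked builds the tool with the Cargo.lock it was published with
      # instead of re-resolving its dependencies at install time.
      # NOTE(review): the tool version itself floats; consider adding
      # `--version <PINNED_VERSION>`.
      - name: Install cargo-audit
        run: cargo install --locked cargo-audit

      # Gating step: a non-zero exit from cargo audit fails the job.
      - name: Run cargo audit
        run: cargo audit

      # The report steps must still run when the gating step above fails,
      # otherwise the artifact is missing exactly when there are findings.
      - name: Run cargo audit (JSON output)
        if: ${{ !cancelled() }}
        run: cargo audit --json > audit-results.json
        continue-on-error: true

      - name: Upload audit results
        if: ${{ !cancelled() }}
        uses: actions/upload-artifact@v4
        with:
          name: security-audit-results
          path: audit-results.json
          retention-days: 30

  supply-chain-security:
    name: Supply Chain Security
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
        with:
          # Same reasoning as in security-audit: keep the token out of
          # .git/config while third-party code is built.
          persist-credentials: false

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable

      - name: Cache cargo dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
          key: supply-chain-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}

      # --locked: build with the tool's published Cargo.lock.
      # NOTE(review): version is unpinned; consider
      # `--version <PINNED_VERSION>`.
      - name: Install cargo-deny
        run: cargo install --locked cargo-deny

      # Runs the cargo-deny checks; the policy file is not shown on this
      # page, so which checks are enforced depends on the repository's
      # cargo-deny configuration.
      - name: Run cargo deny
        run: cargo deny check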