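---
# Security workflow: dependency advisories (cargo-audit via rustsec/audit-check),
# supply-chain policy (cargo-deny) and SAST (Semgrep).
#
# Hardening notes (review):
# - Every action and container image below is referenced by a mutable ref
#   (`@v4`, `@stable`, `@v2`, and `semgrep/semgrep` with no tag = latest).
#   Pin each to a full commit SHA / image digest, keeping the human-readable
#   tag in a trailing comment, so a force-pushed or compromised tag cannot
#   silently change what executes in this workflow.
name: Security

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    # Weekly, Sunday 00:00 UTC: catches advisories published against code
    # that has not changed since the last push.
    - cron: '0 0 * * 0'

# Least privilege: the workflow default is read-only and each job requests
# only what it needs. `security-events: write` used to be granted to every
# job, but no step in this file uploads SARIF to GitHub code scanning
# (Semgrep reports to Semgrep Cloud through SEMGREP_APP_TOKEN), so the scope
# was unused; re-add it on the specific job if a SARIF upload step is added.
permissions:
  contents: read

jobs:
  # ==========================================================================
  # Dependency Audit (RustSec advisory database)
  # ==========================================================================
  audit:
    name: Security Audit
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # NOTE(review): rustsec/audit-check reports through check runs (and,
      # on push/schedule, issues); its README asks for these two scopes.
      # Confirm against the docs of the exact version you pin.
      checks: write
      issues: write
    steps:
      - uses: actions/checkout@v4
        with:
          # Nothing in this job pushes, so do not leave GITHUB_TOKEN in
          # .git/config for later steps. Revert if Cargo.toml pulls private
          # git dependencies that need the token to fetch.
          persist-credentials: false
      # `stable` is a moving target (both the action ref and the toolchain);
      # pin `toolchain: 1.xx` if reproducible audit results matter.
      - uses: dtolnay/rust-toolchain@stable
      - name: Ensure lockfile
        # `cargo generate-lockfile` re-resolves every dependency to the newest
        # compatible version even when Cargo.lock already exists, so the audit
        # would examine a dependency tree different from the one actually
        # built. Generate only when the repository ships no lockfile.
        run: |
          if [ ! -f Cargo.lock ]; then
            cargo generate-lockfile
          fi
      - uses: rustsec/audit-check@v2
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

  # ==========================================================================
  # Supply Chain Security (cargo-deny: bans, licenses, sources)
  # ==========================================================================
  supply-chain:
    name: Supply Chain (cargo-deny)
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          # Read-only job; see the audit job for the rationale.
          persist-credentials: false
      # `advisories` is deliberately omitted here because the audit job
      # covers it; `sources` is the check that rejects crates fetched from
      # registries or git URLs not allowed by the deny configuration
      # (presumably deny.toml in the repo — not shown here).
      - uses: EmbarkStudios/cargo-deny-action@v2
        with:
          command: check bans licenses sources
          arguments: --all-features

  # ==========================================================================
  # Semgrep SAST
  # ==========================================================================
  semgrep:
    name: Semgrep SAST
    runs-on: ubuntu-latest
    # Dependabot-triggered runs receive no repository secrets, so
    # SEMGREP_APP_TOKEN would be empty; skip rather than fail.
    # NOTE(review): pull_requests from forks have the same restriction and
    # are not excluded here — confirm `semgrep ci` behaves acceptably with an
    # empty token, or add an equivalent guard / `--config` fallback.
    if: github.actor != 'dependabot[bot]'
    permissions:
      contents: read
    container:
      # TODO(review): pin to a version tag plus digest; the bare name resolves
      # to `latest`, so consecutive runs may execute different images.
      image: semgrep/semgrep
    steps:
      # Credentials are left persisted here on purpose: diff-aware `semgrep ci`
      # on pull_request may need to fetch the base branch, which requires the
      # token on a private repository — verify before tightening.
      - uses: actions/checkout@v4
      - name: Run Semgrep
        # `--suppress-errors` only changes how Semgrep's *internal* errors
        # (e.g. parse failures) affect the exit code; findings from blocking
        # rules still fail the job. It appears to be Semgrep's default as
        # well, so it is explicit documentation rather than a behavior change.
        run: semgrep ci --suppress-errors
        env:
          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}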