Skip to content
Security Scan

Security Scan #126

Sign in to view logs

Security Scan

Security Scan #126

Workflow file for this run

.github/workflows/security.yml at 52b5c33
name: Security Scan
on:
pull_request:
paths:
- 'services/backend/**'
- 'services/frontend/**'
- 'services/analytics/**'
- '.github/workflows/security.yml'
schedule:
- cron: '0 4 * * 1'
workflow_dispatch:
permissions:
contents: read
pull-requests: write
jobs:
backend-dependency-check:
name: Backend Dependency Check
runs-on: ubuntu-latest
defaults:
run:
working-directory: services/backend
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'
- name: Cache Maven packages
uses: actions/cache@v3
with:
path: ~/.m2
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Run OWASP Dependency Check
run: ./mvnw -B org.owasp:dependency-check-maven:check -DskipTests
frontend-npm-audit:
name: Frontend npm audit
runs-on: ubuntu-latest
defaults:
run:
working-directory: services/frontend
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: '20'
- name: Cache node modules
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-npm-${{ hashFiles('services/frontend/package-lock.json') }}
restore-keys: |
${{ runner.os }}-npm-
- name: Install dependencies
run: npm install --production --ignore-scripts
- name: Run npm audit
run: npm audit --audit-level=high
analytics-pip-audit:
name: Analytics pip audit
runs-on: ubuntu-latest
defaults:
run:
working-directory: services/analytics
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.12'
- name: Cache uv
uses: actions/cache@v3
with:
path: ~/.cache/uv
key: ${{ runner.os }}-uv-${{ hashFiles('services/analytics/pyproject.toml') }}
restore-keys: |
${{ runner.os }}-uv-
- name: Install uv
run: pip install uv
- name: Install dependencies
run: uv pip install --system -e .
- name: Install pip-audit
run: pip install pip-audit
- name: Run pip-audit
run: pip-audit