
deps(dev)(deps-dev): Bump @eslint/js from 9.39.2 to 9.39.3 in /SortVision #81



Workflow file for this run

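# Security Scan: pnpm audit plus a verified-secret scan on every push, PR and
# weekly schedule; a separate dependency-review job gates PRs on moderate+.
name: Security Scan

on:
  push:
    branches: [main, master, develop]
    paths-ignore:
      - '**.md'
      - 'issue/**'
  pull_request:
    branches: [main, master, develop]
    paths-ignore:
      - '**.md'
      - 'issue/**'
  schedule:
    # Weekly, Sunday 00:00 UTC.
    - cron: '0 0 * * 0'

# Least privilege: no step below writes to the repository (dependency-review
# runs without PR commenting), so GITHUB_TOKEN only needs read on contents.
permissions:
  contents: read

defaults:
  run:
    working-directory: ./SortVision

jobs:
  security-audit:
    name: Security Vulnerability Scan
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Full history so the secret scan can diff base..head on push/PR
          # events; a shallow clone lacks the prior commit it compares against
          # (per the trufflehog action's guidance — confirm against its README).
          fetch-depth: 0

      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          version: '10.28.1'

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'pnpm'
          cache-dependency-path: './SortVision/pnpm-lock.yaml'

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Run pnpm audit
        # Non-blocking by design: a failing audit surfaces as a warning
        # annotation and in the uploaded JSON rather than a red job; PRs are
        # gated by the dependency-review job below.
        run: |
          pnpm audit --production --audit-level=moderate \
            || echo "::warning::pnpm audit reported vulnerabilities at or above 'moderate'; see the security-audit-results artifact"
          pnpm audit --production --json > audit-results.json || true

      - name: Check for secrets
        # TODO(review): pin to a release tag or full commit SHA instead of the
        # mutable 'main' branch so an upstream change cannot silently alter
        # what runs here with the repository checkout in scope.
        uses: trufflesecurity/trufflehog@main
        with:
          extra_args: --only-verified

      - name: Upload audit results
        if: always()
        uses: actions/upload-artifact@v6
        with:
          name: security-audit-results
          # Relative to the workspace root, not to defaults.run.working-directory.
          path: SortVision/audit-results.json
          retention-days: 90

      - name: Generate security summary
        if: always()
        run: |
          echo "## Security Scan Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "Security scan completed at $(date)" >> "$GITHUB_STEP_SUMMARY"

  dependency-review:
    name: Dependency Review
    runs-on: ubuntu-latest
    timeout-minutes: 10
    # Only PRs carry a base/head pair to compare.
    if: github.event_name == 'pull_request'
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Dependency Review
        uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: moderate
          base-ref: ${{ github.event.pull_request.base.sha }}
          head-ref: ${{ github.event.pull_request.head.sha }}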