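---
# Security CI: dependency vulnerability scanning for the Java/Maven modules
# (Trivy) and the delivery-platform-ui frontend (npm audit).
# Both jobs are read-only with respect to the repository (contents: read).
name: ci-security

on:  # yamllint disable-line rule:truthy -- GitHub Actions key, not a boolean
  push:
    branches: [main, master, develop]
  pull_request:
    branches: [main, master, develop]
  workflow_dispatch:

jobs:
  trivy-maven-modules:
    name: Trivy (Java / Maven manifests)
    runs-on: ubuntu-latest
    permissions:
      contents: read
    strategy:
      # Scan every module even if one of them fails, so a single finding
      # does not hide the results of the other scan targets.
      fail-fast: false
      matrix:
        include:
          - scan-ref: services
          - scan-ref: java
    steps:
      # Actions are pinned to mutable tags; pinning to a full commit SHA
      # (with the tag kept in a trailing comment) gives a stronger
      # supply-chain guarantee. Same applies to the npm-audit-ui job.
      - uses: actions/checkout@v4
      - name: Run Trivy filesystem scan
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
          scan-ref: ${{ matrix.scan-ref }}
          scanners: vuln
          vuln-type: os,library
          severity: CRITICAL,HIGH
          # Quoted: the action reads this as a string; an unquoted 1 is an int.
          # A non-zero exit fails the job when CRITICAL/HIGH findings exist.
          exit-code: "1"
          # Only report findings that have an available fix.
          ignore-unfixed: true

  npm-audit-ui:
    name: npm audit (delivery-platform-ui)
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: web/delivery-platform-ui
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          # Quoted so the version is not parsed as a number.
          node-version: "20"
          cache: npm
          cache-dependency-path: web/delivery-platform-ui/package-lock.json
      - name: Install and audit
        # --ignore-scripts: this job only needs the lockfile resolved for the
        # audit, so third-party install/postinstall scripts are not executed
        # on the runner.
        run: |
          npm ci --ignore-scripts
          npm audit --audit-level=high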