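# Security scanning workflow for codex-lens
# Runs pip-audit to check for known vulnerabilities in dependencies

name: Security Scan

on:
  # Run on push to main branch
  push:
    branches:
      - main
      - master
  # Run weekly on Sundays at 00:00 UTC
  schedule:
    - cron: '0 0 * * 0'
  # Allow manual trigger
  workflow_dispatch:

# Least privilege for the job token: every step below only reads the checkout,
# nothing here writes to the repository, packages or issues.
permissions:
  contents: read

jobs:
  security-audit:
    name: Dependency Vulnerability Scan
    runs-on: ubuntu-latest

    steps:
      # Actions are referenced by floating major tag; pinning them to a full
      # commit SHA (actions/checkout@<commit-sha>  # v4) removes the risk of
      # the tag being moved to different code later.
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.10'
          cache: 'pip'

      # pip-audit itself is installed unpinned; pin a version here if the
      # scan result must be reproducible across runs.
      - name: Install pip-audit
        run: |
          python -m pip install --upgrade pip
          pip install pip-audit

      # Known-vulnerable dependencies fail the job. continue-on-error is
      # already false by default; it is kept explicit to document intent.
      - name: Run pip-audit on requirements.in
        run: pip-audit --requirement requirements.in
        continue-on-error: false

      - name: Run pip-audit on pyproject.toml dependencies
        run: pip-audit --project-path .
        continue-on-error: false

      # Advisory only: `|| true` together with continue-on-error means this
      # step can never fail the job.
      # NOTE(review): `safety check` with no target inspects the packages
      # installed in the runner's environment; at this point that is pip,
      # pip-audit and safety themselves rather than the project's
      # dependencies — confirm this is intended, or point it at the same
      # requirements file as pip-audit.
      - name: Check for safety issues
        run: |
          pip install safety
          safety check --json || true
        continue-on-error: true

  bandit-security:
    name: Code Security Linting
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.10'

      # Extras spec is quoted so the shell cannot glob-expand the brackets.
      - name: Install bandit
        run: pip install 'bandit[toml]'

      # -ll: report medium severity and above; -i: report low confidence and above.
      # continue-on-error keeps bandit findings advisory — they never fail the job.
      - name: Run bandit security linter
        run: bandit -r src/ -ll -i
        continue-on-error: true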