
Merge pull request #10 from Hermi-git/embeeding_and_vectorizing_features #27


Workflow file for this run

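# Security & dependency scanning: Python and npm dependency audits, secret
# scanning, and CodeQL static analysis.
#
# NOTE(review): every job below is gated with `if: false`, so this workflow
# currently performs no scanning on any trigger. Skipped jobs do not fail a
# run, so a green result here says nothing about the state of the code.
# Track re-enabling each job explicitly rather than leaving it open-ended.
name: Security & Dependency Scan

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  schedule:
    - cron: '0 0 * * 0'  # Weekly, Sunday 00:00 UTC

# Least privilege for GITHUB_TOKEN: read-only by default. Jobs that need more
# (CodeQL result upload) widen it at job level.
permissions:
  contents: read

jobs:
  dependency-check-backend:
    name: Backend Dependency Check
    if: false  # Temporarily disabled - focusing on embedding features
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config for later steps to read.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'
      - name: Install dependencies
        run: |
          cd backend
          pip install -e .
      - name: Run Safety check
        # Advisory only: `|| true` discards the exit code, so findings from
        # this step never fail the job. pip-audit below is the gating check.
        run: |
          pip install safety
          cd backend
          safety check --json || true
      - name: Run pip-audit
        # Gating check: with no arguments pip-audit audits the active
        # environment and exits non-zero when it reports a vulnerability.
        run: |
          pip install pip-audit
          cd backend
          pip-audit

  dependency-check-frontend:
    name: Frontend Dependency Check
    if: false  # Temporarily disabled
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Third-party actions run later in this job; keep the token out of
          # the working tree.
          persist-credentials: false
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'npm'
          cache-dependency-path: 'frontend/package-lock.json'
      - name: Install dependencies
        run: |
          cd frontend
          npm ci
      - name: Audit npm packages
        # NOTE(review): `|| true` here plus `continue-on-error` on the Snyk
        # step means no finding can fail this job; it is report-only. Decide
        # which of the two should gate before re-enabling.
        run: |
          cd frontend
          npm audit --audit-level=moderate || true
      - name: Run Snyk scan
        # TODO(review): `@master` is a moving branch and this step receives
        # SNYK_TOKEN. Pin the action to a full commit SHA so the code that
        # sees the secret cannot change without a reviewed update.
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --severity-threshold=high
        continue-on-error: true

  secret-scan:
    name: Secret Scanning
    if: false  # Temporarily disabled
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history so the scanner can walk commits between base and head.
          fetch-depth: 0
          persist-credentials: false
      - name: TruffleHog scan
        # TODO(review): `@main` is a moving branch; pin to a full commit SHA.
        # NOTE(review): on pushes to the default branch and on the weekly
        # schedule, `base` and `head` may resolve to the same commit, which
        # would leave nothing to scan - verify coverage for those triggers.
        uses: trufflesecurity/trufflehog@main
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
          head: HEAD

  codeql:
    name: CodeQL Analysis
    if: false  # Temporarily disabled
    runs-on: ubuntu-latest
    # Uploading analysis results requires write access to security events;
    # everything else stays read-only.
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      # Let each language finish even if the other one fails.
      fail-fast: false
      matrix:
        language: ['python', 'javascript']
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      # codeql-action v2 is deprecated; v3 is the supported major version.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3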