Skip to content
Security Checks Workflows

fixes #8

Sign in to view logs

fixes

fixes #8

Workflow file for this run

.github/workflows/security-checks.yml at 15ff1d9
name: "Security Checks Workflows"
on:
pull_request:
branches: [main]
push:
branches: [main]
permissions:
contents: read
security-events: write
jobs:
codeql-analysis:
name: "CodeQL Analysis"
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: 'javascript'
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
- name: List Directory Contents
run: |
echo "Listing directory contents after CodeQL analysis:"
ls -R
echo "Looking for the SARIF file in the default locations:"
find . -name "*.sarif"
- name: Check SARIF File Existence
run: |
SARIF_FILE=$(find . -name "*.sarif" | head -n 1)
if [ -f "$SARIF_FILE" ]; then
echo "SARIF file exists at $SARIF_FILE."
else
echo "SARIF file does not exist!" && exit 1
fi
gitleaks-scan:
name: "Gitleaks Secrets Scan"
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Run Gitleaks scan
uses: gitleaks/gitleaks-action@v2
create-issue-on-failure:
if: ${{ failure() }}
name: "Create GitHub Issue if Security Check Fails"
runs-on: ubuntu-latest
steps:
- name: Create failure log file
run: |
echo "# Security Check Failure" > failure_log.txt
echo "One or more security checks failed. Please review the following reports for more details:" >> failure_log.txt
echo "## CodeQL Report:" >> failure_log.txt
SARIF_FILE=$(find . -name "*.sarif" | head -n 1)
if [ -f "$SARIF_FILE" ]; then
echo "[CodeQL Results SARIF]($SARIF_FILE)" >> failure_log.txt
else
echo "No CodeQL SARIF file found." >> failure_log.txt
echo "## Gitleaks Report:" >> failure_log.txt
echo "[Gitleaks Report not available]" >> failure_log.txt
- name: Create GitHub issue on failure
uses: peter-evans/create-issue-from-file@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
title: "Security Check Failure: ${{ github.workflow }}"
content-filepath: failure_log.txt