

Update security-checks.yml


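# Security checks for pushes and pull requests targeting main:
# CodeQL static analysis, a Gitleaks secrets scan, and an issue opened
# when either of them fails.
#
# NOTE(review): every action below is pinned to a major tag (@v4, @v3,
# @v2). A moving tag can be retargeted by a compromised upstream; pinning
# each `uses:` to a full commit SHA (tag kept in a trailing comment) is the
# usual supply-chain mitigation and is worth doing before relying on this
# workflow as a security gate.
name: "Security Checks Workflows"

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

# Workflow-wide default: read-only. Each job adds only what it needs.
permissions:
  contents: read

jobs:
  codeql-analysis:
    name: "CodeQL Analysis"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write  # needed by codeql-action/analyze to upload SARIF
    # NOTE(review): on pull_request events coming from forks, GITHUB_TOKEN is
    # read-only regardless of the permissions block, so the SARIF upload in
    # the analyze step is rejected there. Confirm whether fork PRs need
    # coverage before treating this job as a required check.
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: 'javascript'
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3

  gitleaks-scan:
    name: "Gitleaks Secrets Scan"
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Full history: the scan covers the commits in the push / PR range,
          # which the default shallow (depth 1) clone does not contain, so a
          # secret committed and then removed in the same push would be missed.
          fetch-depth: 0
      - name: Run Gitleaks scan
        uses: gitleaks/gitleaks-action@v2
        env:
          # gitleaks-action v2 reads the token to resolve the event it is
          # scanning; without it the action fails before scanning.
          # NOTE(review): organisation-owned repositories additionally need a
          # GITLEAKS_LICENSE secret here, and PR commenting by the action
          # would need `pull-requests: write` -- confirm against the action's
          # README for the pinned version.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  create-issue-on-failure:
    name: "Create GitHub Issue if Security Check Fails"
    # At job level, failure() only considers jobs listed in `needs`. Without
    # `needs` this job has no ancestors, failure() is always false, and the
    # job is silently skipped -- the issue would never be created.
    needs: [codeql-analysis, gitleaks-scan]
    if: ${{ failure() }}
    runs-on: ubuntu-latest
    permissions:
      issues: write  # required by create-issue-from-file; otherwise 403
    steps:
      - name: Create failure log file
        # Expression values are passed through env rather than interpolated
        # into the script, so the shell never sees `${{ }}` text directly.
        env:
          CODEQL_RESULT: ${{ needs.codeql-analysis.result }}
          GITLEAKS_RESULT: ${{ needs.gitleaks-scan.result }}
        # This job runs on a fresh runner with no checkout and no artifacts
        # from the scan jobs, so no SARIF file exists here to link to; point
        # the issue at the run and at the code-scanning tab instead.
        run: |
          set -euo pipefail
          RUN_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
          SCANNING_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/security/code-scanning"
          {
            echo "# Security Check Failure"
            echo
            echo "One or more security checks failed. Please review the following reports for more details:"
            echo
            echo "- Workflow run: ${RUN_URL}"
            echo
            echo "## CodeQL Report:"
            echo
            echo "- Job result: ${CODEQL_RESULT}"
            echo "- Code scanning alerts: ${SCANNING_URL}"
            echo
            echo "## Gitleaks Report:"
            echo
            echo "- Job result: ${GITLEAKS_RESULT}"
            echo "- Findings are in the job log of the run linked above."
          } > failure_log.txt
      - name: Create GitHub issue on failure
        uses: peter-evans/create-issue-from-file@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          title: "Security Check Failure: ${{ github.workflow }}"
          content-filepath: failure_log.txt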