Create security-checks.yml

.github/workflows/security-checks.yml

@@ -0,0 +1,54 @@
+name: "Security Checks Workflow"
+
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+
+permissions:
+  contents: read
+  security-events: write 
+
+jobs:
+  codeql-analysis:
+    name: "CodeQL Analysis"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4 
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3  
+        with:
+          languages: 'javascript, python'
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3 
+
+  gitleaks-scan:
+    name: "Gitleaks Secrets Scan"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4 
+
+      - name: Run Gitleaks scan
+        uses: zricethezav/[email protected]
+        with:
+          args: "--path=. --verbose" # Adjust arguments as needed
+
+  create-issue-on-failure:
+    if: ${{ failure() }}
+    name: "Create GitHub Issue if Security Check Fails"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create failure log file
+        run: echo "Security check failed in one of the previous jobs. Please investigate." > failure_log.txt
+
+      - name: Create GitHub issue on failure
+        uses: peter-evans/create-issue-from-file@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          title: "Security Check Failure: ${{ github.workflow }}"
+          content-filepath: failure_log.txt