mcp-freescout/.github/workflows/security.yml
Jack Arturo 78b99228b8 fix: add package-lock.json and update CodeQL to v4
- Remove package-lock.json from .gitignore (required for npm ci)
- Update CodeQL actions from v3 to v4 (v3 deprecated Dec 2026)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-04 15:25:04 +01:00

53 lines
1.1 KiB
YAML

name: Security
on:
schedule:
- cron: "0 0 * * 0" # Weekly on Sunday
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
permissions:
contents: read
security-events: write
jobs:
codeql:
name: CodeQL Analysis
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
languages: typescript
- name: Autobuild
uses: github/codeql-action/autobuild@v4
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
audit:
name: Dependency Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "20"
cache: "npm"
- run: npm ci
- name: Audit dependencies
run: npm audit --audit-level=high
continue-on-error: true
- name: Check for known vulnerabilities
run: npx better-npm-audit audit --level high
continue-on-error: true