mirror of
https://gh.wpcy.net/https://github.com/verygoodplugins/mcp-freescout.git
synced 2026-07-18 13:56:04 +08:00
- Remove package-lock.json from .gitignore (required for npm ci) - Update CodeQL actions from v3 to v4 (v3 deprecated Dec 2026) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
53 lines
1.1 KiB
YAML
53 lines
1.1 KiB
YAML
name: Security
|
|
|
|
on:
|
|
schedule:
|
|
- cron: "0 0 * * 0" # Weekly on Sunday
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: read
|
|
security-events: write
|
|
|
|
jobs:
|
|
codeql:
|
|
name: CodeQL Analysis
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@v4
|
|
with:
|
|
languages: typescript
|
|
|
|
- name: Autobuild
|
|
uses: github/codeql-action/autobuild@v4
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@v4
|
|
|
|
audit:
|
|
name: Dependency Audit
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: "20"
|
|
cache: "npm"
|
|
|
|
- run: npm ci
|
|
|
|
- name: Audit dependencies
|
|
run: npm audit --audit-level=high
|
|
continue-on-error: true
|
|
|
|
- name: Check for known vulnerabilities
|
|
run: npx better-npm-audit audit --level high
|
|
continue-on-error: true
|