oadmin/xinghuoapi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0c9ba9e86c0d1ca4b6d6247835dc1ab7d5c42441
xinghuoapi/.github/workflows/security-scan.yml
shaw 0c9ba9e86c fix(security): upgrade Go 1.25.7 to 1.26.1 to resolve 4 stdlib vulnerabilities 
GO-2026-4602 (os), GO-2026-4601 (net/url), GO-2026-4600 and
GO-2026-4599 (crypto/x509). The crypto/x509 fixes are only
available in go1.26.1+, not backported to go1.25.x.
2026-03-07 08:45:55 +08:00

59 lines
1.5 KiB
YAML
Raw Blame History

name: Security Scan
on:
push:
pull_request:
schedule:
- cron: '0 3 * * 1'
permissions:
contents: read
jobs:
backend-security:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: backend/go.mod
check-latest: false
cache-dependency-path: backend/go.sum
- name: Verify Go version
run: |
go version | grep -q 'go1.26.1'
- name: Run govulncheck
working-directory: backend
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
frontend-security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up pnpm
uses: pnpm/action-setup@v4
with:
version: 9
- name: Set up Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
cache: 'pnpm'
cache-dependency-path: frontend/pnpm-lock.yaml
- name: Install dependencies
working-directory: frontend
run: pnpm install --frozen-lockfile
- name: Run pnpm audit
working-directory: frontend
run: |
pnpm audit --prod --audit-level=high --json > audit.json || true
- name: Check audit exceptions
run: |
python tools/check_pnpm_audit_exceptions.py \
--audit frontend/audit.json \
--exceptions .github/audit-exceptions.yml
Reference in New Issue View Git Blame Copy Permalink