
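---
# Dependency security scan for this repository.
#
# Jobs (independent of each other, all run in parallel):
#   python-security   - installs requirements.txt and runs pip-audit against the
#                       resulting environment
#   cargo-security    - runs `cargo audit` in ./pqc_rust_src and ./rust
#   dependency-review - pull requests only; fails on newly introduced
#                       dependencies with a known advisory (severity >= low)
#                       or a denied license
#
# NOTE(review): every `uses:` below is pinned to a major-version tag. Pinning
# to a full commit SHA instead makes the action code immutable and is the
# usual hardening for supply-chain-sensitive workflows.
name: Security Scan

# `on` is a YAML 1.1 boolean-looking key; GitHub's loader handles it, so
# suppress the yamllint truthy rule here.
on:  # yamllint disable-line rule:truthy
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    # Run security scan daily at 2 AM UTC
    - cron: '0 2 * * *'
  workflow_dispatch:

# Default GITHUB_TOKEN scope for every job. `contents: read` is all that the
# checkout steps below require.
# NOTE(review): no step in this file uploads SARIF or otherwise writes to the
# code-scanning API, so `security-events: write` appears unused — confirm
# before removing it, or scope it to the single job that needs it.
permissions:
  contents: read
  security-events: write

jobs:
  python-security:
    name: Python Security Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          # Quoted so YAML does not parse it as the float 3.11.
          python-version: '3.11'

      - name: Install pip-audit
        run: |
          python -m pip install --upgrade pip
          pip install pip-audit

      - name: Install dependencies
        run: |
          pip install -r requirements.txt

      # With no -r argument pip-audit audits the packages installed in the
      # current environment, i.e. the fully resolved requirements.txt closure
      # (transitive dependencies included). --skip-editable ignores editable
      # installs; --desc prints the advisory text alongside each finding.
      - name: Run pip-audit
        run: |
          pip-audit --desc --skip-editable

      # Informational only: `pip list --outdated` exits 0 whether or not
      # anything is outdated, so this step never fails the job.
      - name: Check for outdated packages
        run: |
          pip list --outdated

  cargo-security:
    name: Rust Cargo Security Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install Rust
        uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
          toolchain: stable

      # --locked builds cargo-audit from its own Cargo.lock instead of
      # re-resolving its dependency tree at install time, so the scanner's
      # own supply chain is reproducible between runs.
      - name: Install cargo-audit
        run: cargo install cargo-audit --locked

      # Each Rust crate root is audited separately; `cargo audit` reads the
      # Cargo.lock in the working directory and fails on any advisory.
      - name: Run cargo audit on pqc_rust_src
        working-directory: ./pqc_rust_src
        run: cargo audit

      - name: Run cargo audit on rust
        working-directory: ./rust
        run: cargo audit

  dependency-review:
    name: Dependency Review
    runs-on: ubuntu-latest
    # dependency-review-action compares the PR's base and head dependency
    # graphs, so it is only meaningful (and only runs) on pull_request events.
    if: github.event_name == 'pull_request'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Dependency Review
        uses: actions/dependency-review-action@v4
        with:
          # Fail the check for any newly introduced vulnerable dependency,
          # regardless of severity.
          fail-on-severity: low
          # Comma-separated SPDX identifiers; a PR that adds a dependency
          # under one of these licenses fails the check.
          deny-licenses: GPL-2.0, GPL-3.0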