deps(backend)(deps): Bump express-rate-limit from 7.5.1 to 8.1.0 in /backend #14

Workflow file for this run

.github/workflows/security.yml at 5dfbe4b

	name: Security

	on:
	schedule:
	# Run security scans daily at 2 AM UTC
	- cron: '0 2 * * *'
	push:
	branches: [main]
	pull_request:
	branches: [main]

	jobs:
	dependency-review:
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request'

	steps:
	- name: Dependency Review
	uses: actions/dependency-review-action@v3

	audit:
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4

	- uses: pnpm/action-setup@v2
	with:
	version: 8

	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: '20'
	cache: 'pnpm'

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Run npm audit
	run: pnpm audit --audit-level=moderate
	continue-on-error: true

	- name: Create audit report
	run: pnpm audit --json > audit-report.json \|\| true

	- name: Upload audit report
	uses: actions/upload-artifact@v3
	with:
	name: security-audit-report
	path: audit-report.json
	retention-days: 30

	codeql:
	name: CodeQL Analysis
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write

	strategy:
	fail-fast: false
	matrix:
	language: [javascript]

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v2
	with:
	languages: ${{ matrix.language }}
	queries: +security-and-quality

	- name: Autobuild
	uses: github/codeql-action/autobuild@v2

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v2
	with:
	category: "/language:${{matrix.language}}"

	secrets-scan:
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Run secret scanning
	uses: trufflesecurity/trufflehog@main
	with:
	path: ./
	base: main
	head: HEAD
	extra_args: --debug --only-verified

	license-check:
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4

	- uses: pnpm/action-setup@v2
	with:
	version: 8

	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: '20'
	cache: 'pnpm'

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Install license checker
	run: npm install -g license-checker

	- name: Check licenses
	run: \|
	license-checker --json --out licenses.json --production
	license-checker --summary --production

	- name: Upload license report
	uses: actions/upload-artifact@v3
	with:
	name: license-report
	path: licenses.json
	retention-days: 30

	sbom:
	name: Generate SBOM
	runs-on: ubuntu-latest
	if: github.event_name == 'push' && github.ref == 'refs/heads/main'

	steps:
	- uses: actions/checkout@v4

	- uses: pnpm/action-setup@v2
	with:
	version: 8

	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: '20'
	cache: 'pnpm'

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Generate SBOM
	uses: anchore/sbom-action@v0
	with:
	path: .
	format: spdx-json
	artifact-name: sbom.spdx.json

	- name: Upload SBOM
	uses: actions/upload-artifact@v3
	with:
	name: sbom
	path: sbom.spdx.json
	retention-days: 90

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(backend)(deps): Bump express-rate-limit from 7.5.1 to 8.1.0 in /backend #14

Workflow file

deps(backend)(deps): Bump express-rate-limit from 7.5.1 to 8.1.0 in /backend #14

Uh oh!

Workflow file for this run