From 3f8e6743e03264f0090962e5e9a4676fbd63a792 Mon Sep 17 00:00:00 2001
From: Adrian Brandemarte Moreira
Date: Mon, 15 Sep 2025 09:30:36 -0300
Subject: [PATCH] Add vulnerabilities check and actions security to the pipeline
---
 .github/workflows/ci_cd.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
index 6cbf3a59..71538f91 100644
--- a/.github/workflows/ci_cd.yml
+++ b/.github/workflows/ci_cd.yml
@@ -239,6 +239,28 @@ jobs:
 path: doc/_build/latex/*.pdf
 retention-days: 7
+ check-vulnerabilities:
+ name: "Check library vulnerabilities"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ansys/actions/check-vulnerabilities@v10.0
+ with:
+ python-version: ${{ env.MAIN_PYTHON_VERSION }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+ python-package-name: ${{ env.LIBRARY_NAME }}
+ dev-mode: ${{ github.ref != 'refs/heads/main' }}
+
+ actions-security:
+ name: "Check actions security"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ansys/actions/check-actions-security@v10.0
+ with:
+ generate-summary: true
+ token: ${{ secrets.GITHUB_TOKEN }}
+ auditing-level: 'high'
+ trust-ansys-actions: true
+
 package:
 name: Package library
 needs: [tests_run_windows, docs_build]
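Review bot: Neither new job gates the release path: `package` still has `needs: [tests_run_windows, docs_build]`, so a failed vulnerability scan or actions audit would not stop packaging; if the checks are meant to block, extend it to `needs: [tests_run_windows, docs_build, check-vulnerabilities, actions-security]`. Both jobs also pass `secrets.GITHUB_TOKEN` to an external action without a job-level `permissions:` block, so the token carries whatever the workflow or repository default grants (not visible in this hunk); starting from `permissions:` with `contents: read` and adding only the scopes the actions document would keep it least-privilege. The actions are referenced by the mutable tag `@v10.0`, and `trust-ansys-actions: true` presumably exempts them from the audit's own pinning check, so pinning both `uses:` lines to a full commit SHA is worth considering. The `package` job's body continues outside the hunk.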