diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml
new file mode 100644
index 00000000..68d93676
--- /dev/null
+++ b/.github/workflows/npm-audit.yml
@@ -0,0 +1,70 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+#
+# WSO2 LLC. licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# --------------------------------------------------------------------------------------
+
+# This workflow will perform a security audit on the codebase.
+
+name: Security Audit
+
+on:
+ pull_request:
+ branches: [main]
+ workflow_dispatch:
+
+jobs:
+ audit:
+ name: Security Audit
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ node-version: [lts/*]
+ steps:
+ - name: Checkout
+ id: checkout
+ uses: actions/checkout@v2.3.3
+
+ - name: Setup node
+ id: setup-node
+ uses: actions/setup-node@v2
+ with:
+ node-version: ${{ matrix.node-version }}
+
+ - name: Setup pnpm
+ id: setup-pnpm
+ uses: pnpm/action-setup@v2.1.0
+ with:
+ version: latest
+ run_install: false
+
+ - name: Install Dependencies
+ id: install-dependencies
+ run: pnpm install
+
+ - name: Run Security Audit
+ id: run-security-audit
+ run: |
+ pnpm audit --json > audit-results.json || true
+ pnpm audit --audit-level=high
+
+ - name: Upload Audit Results
+ id: upload-audit-results
+ uses: actions/upload-artifact@v4
+ with:
+ name: pnpm-audit-report
+ path: audit-results.json
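Review bot: The `Upload Audit Results` step has no `if:` condition, so it only runs when the preceding step succeeds — the JSON report is skipped precisely when `pnpm audit --audit-level=high` fails and the report is most useful; add `if: always()` to that step so the artifact is uploaded on failure too. The workflow also declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with the single entry `contents: read` is sufficient for checkout, install and artifact upload and keeps the token at least privilege. The actions are referenced by mutable tags (`actions/checkout@v2.3.3`, `actions/setup-node@v2`, `pnpm/action-setup@v2.1.0`, `actions/upload-artifact@v4`) and pnpm by `version: latest`, which makes each audit run non-reproducible and trusts whatever those tags point to at run time; pinning each action to a full commit SHA and pnpm to an explicit version is the usual supply-chain practice, and the `checkout@v2.3.3` / `setup-node@v2` majors are old enough to be worth bumping alongside `upload-artifact@v4`. Minor: the file is named `npm-audit.yml` but the job is pnpm-based, so the name does not match what it runs.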