Add GitHub Actions workflow for dependency and security checks #34
Description
The project currently does not have automated checks for dependency vulnerabilities
or security issues.
This issue proposes adding a GitHub Actions workflow focused on dependency and
security validation.
The security workflow should:
- Trigger on pull requests and scheduled runs.
- Install project dependencies.
- Run dependency security checks (e.g.
npm audit). - Optionally integrate with tools like Dependabot or existing SonarCloud setup.
- Report vulnerabilities and fail on high or critical issues (configurable).
Benefits:
- Early detection of vulnerable dependencies.
- Improved security posture of the application.
- Reduced risk of shipping known vulnerabilities.
- Aligns the project with modern security best practices.
This workflow complements existing CI checks by focusing on dependency health
and security.