Skip to content
Security

feat(llmcost): aip properties #1651

Sign in to view logs

feat(llmcost): aip properties

feat(llmcost): aip properties #1651

Workflow file for this run

.github/workflows/security.yaml at 1b920e8
permissions:
contents: read
actions: read
checks: read
on:
pull_request:
branches:
- main
push:
branches:
- main
name: Security
jobs:
secret-scanning:
name: Secret Scanning
runs-on: ubuntu-latest
if: (github.actor != 'dependabot[bot]' && github.actor != 'renovate[bot]')
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
persist-credentials: false
- uses: Kong/public-shared-actions/security-actions/secret-scan@1ab4c3b2b6d6056b08cc007e8bccb87a41b485e4 # 1.1.1
name: Running Secret Scan using Trufflehog
with:
fail_on_findings: "true"
sca:
runs-on: ubuntu-latest
permissions:
contents: write
issues: read
checks: write
pull-requests: write
name: Repository Scan
if: (github.actor != 'dependabot[bot]' && github.actor != 'renovate[bot]')
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
persist-credentials: false
- name: Scan Repository
id: sca_repo
uses: Kong/public-shared-actions/security-actions/sca@1ab4c3b2b6d6056b08cc007e8bccb87a41b485e4 # 6.0.0
with:
asset_prefix: openmeter-cloud
dir: "."
config: .syft.yaml
fail_build: "true"
scan-gh-workflows:
name: Scan GitHub Workflows
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
persist-credentials: false
- name: Scan GitHub Workflows
id: scan_gh_workflows
uses: Kong/public-shared-actions/security-actions/scan-gh-workflows@1ab4c3b2b6d6056b08cc007e8bccb87a41b485e4 # 5.0.2
with:
fail_on_findings: "true"
github_token: ${{ secrets.GITHUB_TOKEN }}