cc-audit 3.11.3

Security auditor for Claude Code skills, hooks, and MCP servers
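# Runs cc-audit against its own repository on pushes and pull requests
# that target main.
name: Self Audit

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege: the jobs below only check out and build the repository,
# so the GITHUB_TOKEN is limited to read-only access to repository contents
# instead of inheriting the repository/organization default.
permissions:
  contents: read

env:
  # Keep cargo's coloured output in the job log.
  CARGO_TERM_COLOR: always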

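jobs:
  # Builds cc-audit from the checked-out revision and runs it over the
  # repository once per scan type, appending each report to the job summary.
  #
  # NOTE(review): on pull_request this job compiles and executes code from
  # the PR (cargo build scripts, then the built binary). Keep it free of
  # secrets and do not move it to a privileged trigger.
  # NOTE(review): the actions below are referenced by mutable tag/branch;
  # pinning each to a full commit SHA keeps a moved tag from changing what
  # runs here. dtolnay/rust-toolchain selects the toolchain from its ref, so
  # a SHA pin there also needs an explicit `toolchain:` input.
  self-audit:
    name: Self Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v7
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where the build and the scanned code could read it.
          persist-credentials: false

      - uses: dtolnay/rust-toolchain@stable

      - uses: Swatinem/rust-cache@v2

      - name: Build cc-audit
        run: cargo build --release

      # The six "Audit ..." steps are report-only: the pipeline's exit status
      # is that of `tee`, and `|| true` masks anything else, so findings are
      # written to the summary but never fail the step.
      - name: Audit Skills
        run: |
          echo "## Skill Scan Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          ./target/release/cc-audit check --type skill . 2>&1 | tee -a "$GITHUB_STEP_SUMMARY" || true
          echo '```' >> "$GITHUB_STEP_SUMMARY"

      - name: Audit Hooks
        run: |
          echo "## Hook Scan Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          ./target/release/cc-audit check --type hook . 2>&1 | tee -a "$GITHUB_STEP_SUMMARY" || true
          echo '```' >> "$GITHUB_STEP_SUMMARY"

      - name: Audit MCP Configurations
        run: |
          echo "## MCP Scan Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          ./target/release/cc-audit check --type mcp . 2>&1 | tee -a "$GITHUB_STEP_SUMMARY" || true
          echo '```' >> "$GITHUB_STEP_SUMMARY"

      - name: Audit Commands
        run: |
          echo "## Command Scan Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          ./target/release/cc-audit check --type command . 2>&1 | tee -a "$GITHUB_STEP_SUMMARY" || true
          echo '```' >> "$GITHUB_STEP_SUMMARY"

      - name: Audit Dockerfiles
        run: |
          echo "## Docker Scan Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          ./target/release/cc-audit check --type docker . 2>&1 | tee -a "$GITHUB_STEP_SUMMARY" || true
          echo '```' >> "$GITHUB_STEP_SUMMARY"

      - name: Audit Dependencies
        run: |
          echo "## Dependency Scan Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          ./target/release/cc-audit check --type dependency . 2>&1 | tee -a "$GITHUB_STEP_SUMMARY" || true
          echo '```' >> "$GITHUB_STEP_SUMMARY"

      # NOTE(review): a non-zero exit from the --ci run is downgraded to a
      # warning annotation, so this job fails only when checkout, toolchain
      # setup or the build fails. Drop the `|| echo` fallback if strict-mode
      # findings are meant to block merges.
      - name: Strict Mode Check (CI)
        run: |
          echo "## Strict Mode Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          ./target/release/cc-audit check --type skill --ci . || echo "::warning::Strict mode found issues"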

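  # Single status check that summarises the self-audit job. `if: always()`
  # makes it run even when the job it depends on did not succeed.
  self-audit-result:
    name: Self Audit Result
    needs: [self-audit]
    if: always()
    runs-on: ubuntu-latest
    steps:
      - name: Check results
        env:
          # Hand the result to the script as data instead of expanding the
          # expression inside the shell source.
          AUDIT_RESULT: ${{ needs.self-audit.result }}
        run: |
          # Anything other than "success" (failure, cancelled, skipped) means
          # the audit did not complete, so it must not count as a pass.
          if [[ "${AUDIT_RESULT}" != "success" ]]; then
            echo "Self audit job did not succeed: ${AUDIT_RESULT}"
            exit 1
          fi
          echo "Self audit passed"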