name: Security
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: "0 7 * * 1"
permissions:
contents: read
jobs:
cargo-audit:
name: RustSec Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: dtolnay/rust-toolchain@stable
- name: Install cargo-audit
run: cargo install cargo-audit --locked
- name: Run advisory scan
run: cargo audit --deny warnings
npm-audit:
name: npm Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/setup-node@v6
with:
node-version: "20"
- name: Audit npm wrapper package dependencies
working-directory: ./npm
run: |
npm install --package-lock-only --ignore-scripts
npm audit --omit=dev --audit-level=moderate