From c3f0389e2c24ce436f6d1720e5366b1b40345b28 Mon Sep 17 00:00:00 2001 From: witmicko Date: Mon, 1 Dec 2025 15:16:04 +0000 Subject: [PATCH] ci: enable security code scanner --- .github/workflows/security-code-scanner.yml | 40 +++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 .github/workflows/security-code-scanner.yml diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml new file mode 100644 index 0000000..474d2a5 --- /dev/null +++ b/.github/workflows/security-code-scanner.yml @@ -0,0 +1,40 @@ +name: MetaMask Security Code Scanner + +on: + push: + branches: + - main + pull_request: + branches: + - main + workflow_call: + secrets: + SECURITY_SCAN_METRICS_TOKEN: + required: false + APPSEC_BOT_SLACK_WEBHOOK: + required: false + workflow_dispatch: + +jobs: + security-scan: + uses: MetaMask/action-security-code-scanner/.github/workflows/security-scan.yml@v2 + permissions: + actions: read + contents: read + security-events: write + with: + repo: ${{ github.repository }} + scanner-ref: 'v2' + paths-ignored: | + **/vendor/** + **/*_test.go + **/testdata/** + languages-config: | + [ + { + "language": "go" + } + ] + secrets: + project-metrics-token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }} + slack-webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}