diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml new file mode 100644 index 0000000..ddf34ff --- /dev/null +++ b/.github/workflows/vulnerability-scan.yml @@ -0,0 +1,24 @@ +name: Vulnerability Scan + +on: + pull_request: + push: + branches: [main] + schedule: + - cron: '0 6 * * 1' # Weekly Monday 06:00 UTC + +permissions: + contents: read + +jobs: + scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Run osv-scanner + uses: google/osv-scanner-action/osv-scanner-action@v2 + continue-on-error: true + with: + scan-args: |- + --lockfile=package-lock.json