Skip to content

Security Audit

Security Audit #56

name: Security Audit
on:
push:
schedule:
- cron: '50 12 * * *'
jobs:
composer-audit:
name: 'Composer Security Vulnerabilities Audit'
permissions:
contents: read
runs-on: ubuntu-22.04
steps:
- uses: shivammathur/setup-php@v2
with:
php-version: 8.2
tools: composer
coverage: none
- uses: actions/checkout@v4
- name: Prepare composer.lock from scratch
run: cp composer.6.4.lock composer.lock
- name: 'Check security vulnerabilities'
run: composer audit --locked
psalm-security:
name: 'Psalm Security Scan'
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Prepare composer.lock from scratch
run: cp composer.6.4.lock composer.lock
- name: 'Psalm Security Scan'
uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287
- name: 'Upload Security Analysis results to GitHub'
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif