Skip to content

Composite GitHub CI Action containing the minimal viable security lint for brave repositories

License

Notifications You must be signed in to change notification settings

brave/security-action

Repository files navigation

security-action

Composite GitHub CI Action1 containing the minimal viable security lint for brave repositories

Usage

Add an action under .github/workflow/security-action.yml with the following content:

name: security
on:
  workflow_dispatch:
  push:
    branches: [main]
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]
    branches: [main]

jobs:
  security:
    name: security
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: brave/security-action/actions/main@main
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }} # optional
          # by default assignees will be thypon, modify accordingly
          assignees: |
            yoursecuritycontact
            yoursecondsecuritycontact

Branching Strategy

  • main branch, this should be tracked and included by all the repositories, without versioning. It should be always "stable" and contain the latest and greatest security checks
  • feature/*, feature branches including new security checkers
  • bugfix/*, fixes for specific bugs in the action

References

Footnotes

  1. https://docs.github.com/en/actions/creating-actions/creating-a-composite-action

About

Composite GitHub CI Action containing the minimal viable security lint for brave repositories

Resources

License

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published