security-action

Composite GitHub CI Action¹ containing the minimal viable security lint for brave repositories

Usage

Add an action under .github/workflow/security-action.yml with the following content:

name: security
on:
  workflow_dispatch:
  push:
    branches: [main]
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]
    branches: [main]

jobs:
  security:
    name: security
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: brave/security-action@main
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }} # optional
          # by default assignees will be thypon and bcaller, modify accordingly
          assignees: |
            yoursecuritycontact
            yoursecondsecuritycontact

Branching Strategy

main branch, this should be tracked and included by all the repositories, without versioning. It should be always "stable" and contain the latest and greatest security checks
feature/*, feature branches including new security checkers
bugfix/*, fixes for specific bugs in the action

References

https://docs.github.com/en/actions/creating-actions/creating-a-composite-action ↩

Name		Name	Last commit message	Last commit date
Latest commit History 566 Commits
.github		.github
assets		assets
src		src
t3sts		t3sts
.gitallowed		.gitallowed
.gitignore		.gitignore
Gemfile		Gemfile
Gemfile.lock		Gemfile.lock
LICENSE		LICENSE
README.md		README.md
SECURITY.md		SECURITY.md
action.yml		action.yml
package-lock.json		package-lock.json
package.json		package.json
requirements.txt		requirements.txt
run.js		run.js

License

brave/security-action

Folders and files

Latest commit

History

Repository files navigation

security-action

Usage

Branching Strategy

References

Footnotes

About

Resources

License

Security policy

Stars

Watchers

Forks

Languages