Skip to content
πŸ”’οΈ Security checks (Dependencies)

⬆️ (deps): Update dependency eslint-plugin-storybook to v9.0.11 #250

Sign in to view logs

⬆️ (deps): Update dependency eslint-plugin-storybook to v9.0.11

⬆️ (deps): Update dependency eslint-plugin-storybook to v9.0.11 #250

Workflow file for this run

.github/workflows/security.dependencies.yaml at 7294f69
---
name: πŸ”’οΈ Security checks (Dependencies)
on:
push:
branches: [main]
paths: [package.json, pnpm-lock.yaml]
pull_request:
paths: [package.json, pnpm-lock.yaml]
schedule:
- cron: 0 0 * * 1 # Run every Monday at midnight
workflow_dispatch: {}
permissions: {}
jobs:
security_audit:
name: πŸ” Dependency security audit
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: ⬇️ Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: πŸ—οΈ Setup Node.js
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 20
- name: πŸ“¦ Install PNPM
run: npm install -g pnpm
- name: πŸ”’ Install dependencies
run: pnpm install
- name: πŸ›‘οΈ Run security audit
run: pnpm audit --json | pnpx npm-audit-sarif /dev/stdin > pnpm-audit.sarif || true
- name: πŸ“Š Upload audit results to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
with:
sarif_file: pnpm-audit.sarif
category: pnpm-audit