Skip to content
Security Scan

deps(rust): bump async-tungstenite from 0.27.0 to 0.33.0 #124

Sign in to view logs

deps(rust): bump async-tungstenite from 0.27.0 to 0.33.0

deps(rust): bump async-tungstenite from 0.27.0 to 0.33.0 #124

Workflow file for this run

.github/workflows/security.yml at 70ae338
name: Security Scan
on:
schedule:
# Run weekly on Sunday at midnight
- cron: '0 0 * * 0'
push:
branches: [ main ]
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
pull_request:
branches: [ main ]
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
workflow_dispatch:
env:
CARGO_TERM_COLOR: always
jobs:
# Dependency vulnerability audit
audit:
name: Dependency Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-audit
run: cargo install cargo-audit
- name: Run cargo-audit
run: cargo audit --json > audit-report.json || true
- name: Check for critical vulnerabilities
run: |
if cargo audit 2>&1 | grep -q "CRITICAL"; then
echo "::error::Critical vulnerabilities found!"
cargo audit
exit 1
fi
echo "No critical vulnerabilities found"
- name: Upload audit report
uses: actions/upload-artifact@v7
with:
name: security-audit-report
path: audit-report.json
if: always()
# Dependency license check
license-check:
name: License Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-deny
run: cargo install cargo-deny
- name: Check licenses
run: cargo deny check licenses
continue-on-error: true
# SAST with semgrep
sast:
name: Static Analysis
runs-on: ubuntu-latest
container:
image: semgrep/semgrep
steps:
- uses: actions/checkout@v6
- name: Run Semgrep
run: semgrep ci --config auto --config p/rust --config p/security-audit
env:
SEMGREP_RULES: p/rust p/security-audit
continue-on-error: true
# Check for secrets
secrets-scan:
name: Secrets Scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Scan for secrets
uses: trufflesecurity/trufflehog@main
with:
path: ./
base: main
head: HEAD
continue-on-error: true
# Supply chain security
supply-chain:
name: Supply Chain Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-vet
run: cargo install cargo-vet
continue-on-error: true
- name: Check supply chain
run: cargo vet --locked
continue-on-error: true # May not be configured yet