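--- a/.github/workflows/sast-java.yml
+++ b/.github/workflows/sast-java.yml
@@ -0,0 +1,38 @@
+name: Java SAST Scan
+
+on:
+  push:
+    branches:
+      - security
+  pull_request:
+    branches:
+      - security
+
+jobs:
+  java-sast:
+    name: SpotBugs + FindSecBugs (api/)
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Build project with Maven (skip tests)
+        working-directory: api
+        run: mvn clean install -DskipTests
+
+      - name: Run SpotBugs with FindSecBugs
+        working-directory: api
+        run: mvn com.github.spotbugs:spotbugs-maven-plugin:4.7.3.0:spotbugs
+
+      - name: Upload SpotBugs report
+        uses: actions/upload-artifact@v4
+        with:
+          name: spotbugs-report
+          path: api/target/spotbugsXml.xml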
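Review bot: Nothing in this job gates on findings: the `spotbugs` goal invoked at L57 only writes `target/spotbugsXml.xml`, so a pull request into `security` goes green no matter what SpotBugs reports, and the uploaded artifact is the only place results surface. If the scan is meant to block merges, invoke `mvn com.github.spotbugs:spotbugs-maven-plugin:4.7.3.0:check` instead (it fails the build when bugs are found) or add a step that parses the XML and fails above an agreed severity threshold. The step is named "SpotBugs with FindSecBugs" but no detector plugin is loaded anywhere in the workflow — unless `api/pom.xml` declares the FindSecBugs plugin in its spotbugs-maven-plugin configuration (not visible in this diff), this runs stock SpotBugs with no security-specific detectors, so confirm that before relying on it as SAST. The workflow also declares no `permissions:` block and therefore inherits the repository's default `GITHUB_TOKEN` scope; for a read-only scanning job add `permissions:` / `  contents: read` at the top level, and consider pinning the three actions to full commit SHAs rather than mutable tags (`actions/setup-java@v3` is also a major behind the other two) to reduce supply-chain exposure.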
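--- a/.github/workflows/sast-web.yml
+++ b/.github/workflows/sast-web.yml
@@ -0,0 +1,66 @@
+name: Web SAST Scan
+
+on:
+  push:
+    branches:
+      - security
+  pull_request:
+    branches:
+      - security
+
+jobs:
+  web-sast:
+    name: ESLint + npm audit Security Scan (frontend/)
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Navigate to frontend/ and install dependencies
+        working-directory: frontend
+        run: npm ci
+
+      # --------------------------
+      # ESLint Scan
+      # --------------------------
+      - name: Run ESLint
+        working-directory: frontend
+        run: |
+          npx eslint . \
+            --ext .ts,.tsx \
+            --ignore-pattern commitlint.config.ts \
+            --max-warnings=0 || true
+
+      - name: Generate ESLint JSON report
+        working-directory: frontend
+        run: |
+          npx eslint . \
+            --ext .ts,.tsx \
+            --ignore-pattern commitlint.config.ts \
+            -f json -o eslint-report.json || true
+
+      - name: Upload ESLint report
+        uses: actions/upload-artifact@v4
+        with:
+          name: eslint-report
+          path: frontend/eslint-report.json
+
+      # --------------------------
+      # npm audit
+      # --------------------------
+      - name: Run npm audit and generate JSON report
+        working-directory: frontend
+        run: |
+          npm audit --json > npm-audit-report.json || true
+
+      - name: Upload npm audit report
+        uses: actions/upload-artifact@v4
+        with:
+          name: npm-audit-report
+          path: frontend/npm-audit-report.json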
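Review bot: The `|| true` appended to both ESLint runs (L104, L112) and to `npm audit` (L126) means this job can never fail, so `--max-warnings=0` is dead and a pull request into `security` stays green even when `npm audit` reports critical advisories; the findings exist only inside artifacts that nobody is required to open. If the scan is meant to gate, drop `|| true` from the first ESLint step and run `npm audit --audit-level=high --json > npm-audit-report.json`, giving the two upload steps `if: always()` so the reports are still attached when the step fails. The job also declares no `permissions:` block and therefore inherits the repository's default `GITHUB_TOKEN` scope; for a read-only scanning job add `permissions:` / `  contents: read` at the top level. Whether ESLint performs any security checks here depends entirely on the config inside `frontend/`, which this diff does not show — if no security-oriented rules or plugin are configured there, this step is a lint gate rather than the "Security Scan" the job name claims, and that should be verified before the workflow is treated as SAST coverage.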