Refactor security scanning in CI workflow for wekan-selenium, adding dedicated vulnerability scans for the repository and Python dependencies.

This commit is contained in:
omri zaher 2025-09-25 17:51:25 +03:00
parent d5d2d59271
commit 27680a781c


@ -207,9 +207,40 @@ jobs:
run: |
pytest --maxfail=5 --disable-warnings -v
Selenium-ui-tests:
wekan-selenium-security-scan:
needs: deploy
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 1
repository: omriza5/wekan-selenium
token: ${{ secrets.UI_TESTING_GITHUB_TOKEN }}
- name: Scan wekan-selenium repo for vulnerabilities
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
format: 'table'
severity: 'HIGH,CRITICAL'
ignore-unfixed: true
exit-code: 0
dir: '.'
- name: Scan Python dependencies for vulnerabilities
uses: aquasecurity/trivy-action@master
with:
scan-type: 'pip'
requirements: 'requirements.txt'
format: 'table'
severity: 'HIGH,CRITICAL'
ignore-unfixed: true
exit-code: 0
Selenium-ui-tests:
needs: [deploy, security-scan]
runs-on: ubuntu-latest
strategy:
matrix:
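Review bot: `needs: [deploy, security-scan]` on the re-added `Selenium-ui-tests` job references a job id `security-scan`, but the job this hunk introduces is named `wekan-selenium-security-scan`; unless a `security-scan` job is defined elsewhere in the workflow (not visible here), GitHub will reject the workflow for an unknown dependency, so the line should read `needs: [deploy, wekan-selenium-security-scan]`. Even with the dependency fixed, `exit-code: 0` on both Trivy steps (together with `ignore-unfixed: true`) means HIGH/CRITICAL findings only print to the log and never fail the job, so the UI tests run regardless of results; if the scan is meant to gate them, use `exit-code: 1`, otherwise add a comment stating the scans are advisory. `uses: aquasecurity/trivy-action@master` is a mutable ref for a third-party action executing in a job that holds `secrets.UI_TESTING_GITHUB_TOKEN`; pin it to a release tag or, preferably, a full commit SHA. As far as I can tell the action does not document a `pip` scan type or a `requirements` input (the `fs` scan already parses `requirements.txt`), so the second step is likely redundant or will error at runtime — worth confirming against the action's input list before relying on it.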
@ -229,14 +260,15 @@ jobs:
repository: omriza5/wekan-selenium
token: ${{ secrets.UI_TESTING_GITHUB_TOKEN }}
- name: Scan wekan-selenium repo for vulnerabilities
- name: Scan Python dependencies for vulnerabilities
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
format: 'table'
severity: 'HIGH,CRITICAL'
ignore-unfixed: true
exit-code: 0
scan-type: 'pip'
requirements: 'requirements.txt'
format: 'table'
severity: 'HIGH,CRITICAL'
ignore-unfixed: true
exit-code: 0
- name: Set up Python 3.11
uses: actions/setup-python@v4