
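# Static security analysis for this repository: Slither over the Solidity
# sources and CodeQL over the Rust sources. Both upload SARIF to GitHub code
# scanning; a final job writes a one-line-per-scanner status summary.
#
# NOTE(review): every `uses:` below is pinned to a mutable tag (v4, v0.4.1,
# v3, v1). A tag can be moved to point at different code, so pin each action
# to the full commit SHA of the release you reviewed and let Dependabot /
# Renovate bump it. SHAs are deliberately not filled in here — take them from
# the upstream release page, not from a third-party copy.
name: Security Analysis

# `on` is a YAML 1.1 boolean token; GitHub's loader treats it as the key
# (silence yamllint `truthy` for this line if it complains).
on:
  push:
    branches: ["main", "develop"]
  pull_request:
    # NOTE(review): for pull requests from forks the GITHUB_TOKEN is read-only
    # and `security-events: write` is not granted, so the SARIF upload steps
    # presumably cannot publish results for fork PRs — confirm whether that is
    # acceptable or whether fork PRs should be filtered out.
    branches: ["main"]
  schedule:
    - cron: '0 6 * * 1'  # weekly, Monday 06:00 UTC

# Workflow-wide default: read-only token. A job-level `permissions` block
# replaces (does not extend) this, so each job below lists exactly what it needs.
permissions:
  contents: read

jobs:
  slither-solidity:
    name: Slither Analysis (Solidity)
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write  # required by codeql-action/upload-sarif
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Submodule contents are third-party code and are scanned as well.
          submodules: recursive
          # This job only reads the repository; do not leave the GITHUB_TOKEN
          # in .git/config where later steps (or build hooks) could read it.
          persist-credentials: false
      - name: Run Slither
        uses: crytic/slither-action@v0.4.1
        id: slither
        with:
          target: '.'
          sarif: slither-results.sarif
          # `none`: findings never fail this job; they only appear as
          # code-scanning alerts. Merge gating therefore rests entirely on
          # branch protection requiring code-scanning results.
          # TODO(review): consider `fail-on: high` so a new high-severity
          # detector hit blocks the PR even without code-scanning branch rules.
          fail-on: none
          # A compile failure fails this step, which also skips the upload below.
          ignore-compile: false
          slither-args: '--exclude naming-convention,solc-version --foundry-out-dir out'
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: slither-results.sarif
          category: slither  # keeps Slither alerts distinct from CodeQL's

  codeql-rust:
    name: CodeQL Analysis (Rust)
    runs-on: ubuntu-latest
    timeout-minutes: 360
    permissions:
      actions: read  # lets CodeQL read workflow metadata on private repos
      contents: read
      security-events: write  # required by codeql-action/analyze to upload results
      packages: read  # only needed if private/internal CodeQL packs are fetched
    strategy:
      fail-fast: false
      matrix:
        language: ['rust']
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Scan-only job: don't persist the token into .git/config.
          persist-credentials: false
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # `security-and-quality` already contains every query in
          # `security-extended`; listing both (as before) only added a
          # redundant suite entry.
          queries: security-and-quality
      - name: Setup Rust
        # NOTE(review): the actions-rs organisation is archived and this action
        # is unmaintained. Kept so the workflow keeps working unchanged; swap
        # it for a maintained toolchain action when convenient.
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{matrix.language}}"

  combined-security-report:
    name: Security Report Summary
    runs-on: ubuntu-latest
    needs: [slither-solidity, codeql-rust]
    if: always()  # report even when a scanner job failed or was cancelled
    permissions:
      contents: read
      security-events: read
    steps:
      - name: Report Status
        # `needs.<job>.result` is one of success/failure/cancelled/skipped — a
        # fixed, GitHub-controlled vocabulary — so interpolating it into the
        # shell line is not an expression-injection vector. The file path is
        # quoted so a space in the runner's temp dir cannot split the redirect.
        run: |
          {
            echo "## Security Analysis Summary"
            echo "- Slither (Solidity): ${{ needs.slither-solidity.result }}"
            echo "- CodeQL (Rust): ${{ needs.codeql-rust.result }}"
          } >> "$GITHUB_STEP_SUMMARY"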