public-ui-kolibri

name: Security Scan on: workflow_dispatch: inputs: enable_audit: description: 'Run pnpm audit' type: boolean default: true enable_trivy: description: 'Run the Trivy scan' type: boolean default: true enable_clamav: description: 'Run the ClamAV scan' type: boolean default: true install_deps: description: 'Install dependencies' type: boolean default: false concurrency: group: ${{ format('workflow-{0}-{1}', github.workflow, github.ref) }} cancel-in-progress: true jobs: targeted-scan: name: Security Scan runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v6 with: fetch-depth: 0 persist-credentials: false ref: ${{ github.event_name == 'pull_request' && github.head_ref || github.ref }} - name: Setup pnpm uses: pnpm/action-setup@v4 with: version: 10 - name: Setup Node.js uses: actions/setup-node@v6 with: node-version: 22 - name: Run security scans uses: public-ui/kolibri/.github/actions/security-scan@develop with: enable-audit: ${{ github.event_name == 'workflow_dispatch' && inputs.enable_audit || 'true' }} enable-trivy: ${{ github.event_name == 'workflow_dispatch' && inputs.enable_trivy || 'true' }} enable-clamav: ${{ github.event_name == 'workflow_dispatch' && inputs.enable_clamav || 'true' }} install-deps: ${{ github.event_name == 'workflow_dispatch' && inputs.install_deps || 'false' }}