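---
# Security checks run on pushes/PRs to main and develop, nightly, and on demand:
# dependency audit, static analysis, secret scanning, config validation, OSV
# scan, and a summary written to the job summary page.
name: Security Check

# Default the GITHUB_TOKEN to read-only for every job; jobs that upload
# results or comment on PRs raise only the scopes they need below.
permissions:
  contents: read

on:  # yamllint disable-line rule:truthy
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  schedule:
    - cron: '0 0 * * *'  # Daily at midnight UTC
  workflow_dispatch:

jobs:
  dependency-audit:
    name: Dependency Audit
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # NOTE(review): actions/checkout@v3, actions/setup-node@v3 and
      # github/codeql-action@v2 (used below) are superseded by later majors;
      # upgrade and pin every action to a full commit SHA rather than a tag.
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'  # Node.js 18 is past upstream end-of-life; plan the move to a supported LTS
          cache: 'npm'
      # continue-on-error means findings never fail the workflow: the summary
      # job reports this job as "success" even when vulnerabilities are found.
      - name: Run npm audit
        run: npm audit --audit-level=moderate
        continue-on-error: true
      # TODO(security): "@master" is a mutable ref; pin to a release tag or a
      # full commit SHA (snyk/actions/node@<commit-sha>) so a change to the
      # upstream branch cannot silently change what runs here.
      - name: Audit dependencies with Snyk
        uses: snyk/actions/node@master
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

  code-scan:
    name: Code Security Scan
    runs-on: ubuntu-latest
    permissions:
      actions: read           # required by CodeQL in private repositories
      contents: read
      security-events: write  # upload SARIF results to code scanning
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      # CodeQL needs an init step (creates the database) before analyze;
      # "languages" is an input of init, not of analyze.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: javascript
      - name: Run CodeQL Analysis
        uses: github/codeql-action/analyze@v2
      - name: Run Semgrep
        uses: returntocorp/semgrep-action@v1
        with:
          # Folded scalar: rulesets are passed as one space-separated value.
          config: >-
            p/security-audit
            p/javascript
            p/secrets

  secret-scan:
    name: Secret Scanning
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # gitleaks-action comments on pull requests unless GITLEAKS_ENABLE_COMMENTS
      # is disabled; drop this scope if comments are turned off.
      pull-requests: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0  # full history so both scanners can walk every commit
      # TODO(security): pin "@main" to a release tag or full commit SHA.
      # NOTE(review): on schedule/workflow_dispatch runs and on pushes to the
      # default branch, base and HEAD resolve to the same commit — confirm the
      # action tolerates that, or omit base/head and let it derive the range
      # from the triggering event.
      - name: Run TruffleHog
        uses: trufflesecurity/trufflehog@main
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
          head: HEAD
      - name: Run gitleaks
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # The action reads GITLEAKS_LICENSE (no underscore between GIT and
          # LEAKS); the repository secret keeps its existing name.
          GITLEAKS_LICENSE: ${{ secrets.GIT_LEAKS_LICENSE }}

  policy-validation:
    name: Policy Validation
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
          cache: 'npm'
      - name: Install dependencies
        run: npm ci
      # Every configured regex must compile; a single invalid pattern would
      # otherwise break the scanner at runtime. The script is fed to node via a
      # quoted heredoc so the shell performs no expansion on its contents.
      - name: Validate secret patterns
        run: |
          node - <<'EOF'
          const patterns = require('./src/config/secret-patterns.json');
          if (!Array.isArray(patterns.patterns)) {
            console.error('secret-patterns.json: "patterns" must be an array');
            process.exit(1);
          }
          patterns.patterns.forEach(p => {
            try {
              new RegExp(p.regex);
            } catch (e) {
              console.error('Invalid regex in pattern:', p.name);
              process.exit(1);
            }
          });
          console.log('All secret patterns are valid');
          EOF
      # Each policy needs at least a name and a tools entry.
      - name: Validate policy rules
        run: |
          node - <<'EOF'
          const policies = require('./src/config/policy-rules.json');
          if (!Array.isArray(policies.policies)) {
            console.error('policy-rules.json: "policies" must be an array');
            process.exit(1);
          }
          policies.policies.forEach(p => {
            if (!p.name || !p.tools) {
              console.error('Invalid policy:', p);
              process.exit(1);
            }
          });
          console.log('All policy rules are valid');
          EOF

  vulnerability-check:
    name: OSV Vulnerability Check
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
          cache: 'npm'
      - name: Install dependencies
        run: npm ci
      # TODO(security): pin "@main" to a release tag or full commit SHA.
      # NOTE(review): confirm this action source is the intended one — the
      # upstream OSV-Scanner action is published under the google org.
      - name: Check for vulnerabilities using OSV
        uses: github/osv-scanner-action@main
        with:
          scan-args: '.'
        continue-on-error: true  # findings are reported but do not fail the job

  security-report:
    name: Generate Security Report
    runs-on: ubuntu-latest
    needs: [dependency-audit, code-scan, secret-scan, policy-validation, vulnerability-check]
    if: always()  # report even when an upstream job failed
    steps:
      # needs.<job>.result is one of success/failure/cancelled/skipped, so the
      # expression expansion is safe to embed in the shell script. Jobs whose
      # scanners use continue-on-error show "success" regardless of findings.
      - name: Security Summary
        run: |
          {
            echo "## Security Scan Summary"
            echo ""
            echo "- Dependency Audit: ${{ needs.dependency-audit.result }}"
            echo "- Code Scan: ${{ needs.code-scan.result }}"
            echo "- Secret Scan: ${{ needs.secret-scan.result }}"
            echo "- Policy Validation: ${{ needs.policy-validation.result }}"
            echo "- Vulnerability Check: ${{ needs.vulnerability-check.result }}"
          } >> "$GITHUB_STEP_SUMMARY"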