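---
# CI security scan: static analysis of core_system/ with Bandit and a
# dependency vulnerability audit with Safety, on every push and pull
# request to main/master.  Both reports are uploaded as a single artifact.
#
# The scan steps are marked `continue-on-error` rather than silenced with
# `|| true`: a finding still does not block the job, but the step shows as
# failed in the run summary instead of always reading green.
name: Security Scan & Auto-Guardian

on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]

# Least privilege for GITHUB_TOKEN: this job only checks out the repository
# and uploads artifacts, neither of which needs a write scope.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): third-party actions are referenced by mutable major
      # tags; pinning each to a full commit SHA (e.g.
      # actions/checkout@<full-commit-sha>  # vX.Y.Z) prevents a retagged or
      # compromised release from changing what runs here.
      - uses: actions/checkout@v3

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          if [ -f core_system/requirements.txt ]; then pip install -r core_system/requirements.txt; fi
          # NOTE(review): pin the scanner versions (bandit==<version>
          # safety==<version>) so results are reproducible and a new tool
          # release cannot silently change them.
          pip install bandit safety

      - name: Run Security Scan (Bandit)
        # Bandit exits non-zero when it reports issues; let the job go on so
        # the report is still uploaded, but keep the failed status visible.
        continue-on-error: true
        run: |
          bandit -r core_system/ -f json -o security-report.json

      - name: Run Dependency Check (Safety)
        # `safety check` audits the packages installed in this runner's
        # environment (core_system/requirements.txt, when present).  The
        # output is written to a file so it is kept with the Bandit report
        # instead of living only in the step log.
        continue-on-error: true
        run: |
          safety check --json > safety-report.json

      - name: Upload Scan Results
        # always(): upload whatever reports exist even if an earlier step
        # failed outright (e.g. dependency installation).
        if: always()
        # upload-artifact v3 is deprecated upstream; v4 is used here.
        uses: actions/upload-artifact@v4
        with:
          name: security-reports
          path: |
            security-report.json
            safety-report.json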