fix(robustness): P1+P2 follow-ups from brainstorm #71
security.yml
on: pull_request
OSV-Scanner (SCA)
10s
Trivy (filesystem + container scan)
16s
Semgrep (SAST)
22s
Gitleaks (secret scan)
8s
jscpd (duplication < 3% on touched code)
16s
SBOM (SPDX + CycloneDX)
20s
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
sbom
|
43.9 KB |
sha256:2648f4af35b46ef4b80b3325ba4f73c6f2785f3733d87d962307c7f671952e1b
|
|