fix(security,test): clear 3 SonarCloud vulnerabilities + flaky pipeli… #113
security.yml
on: push
OSV-Scanner (SCA)
8s
Trivy (filesystem + container scan)
13s
Semgrep (SAST)
25s
Gitleaks (secret scan)
7s
jscpd (duplication < 3% on touched code)
12s
SBOM (SPDX + CycloneDX)
24s
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
sbom
|
38.8 KB |
sha256:27e82d6cad3cadfc99bb4dbf84f698a823bcb64dfca9f09c9d17d256774c383a
|
|