fix(ci): install syft in release.yml + add workflow_dispatch recovery… #257
security.yml
on: push
OSV-Scanner (SCA)
6s
Trivy (filesystem + container scan)
13s
Semgrep (SAST)
23s
Gitleaks (secret scan)
10s
jscpd (duplication < 3% on touched code)
16s
SBOM (SPDX + CycloneDX)
18s
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
sbom
|
60 KB |
sha256:36d7d1a8d1f452d09c8af7e0e95d64628831ac3684121cf6041447ae78386d4b
|
|