Security (OSS-CLI) #29
security.yml
on: schedule
Trivy (filesystem + container scan)
24s
Semgrep (SAST)
20s
PSScriptAnalyzer (Error severity gate)
37s
Gitleaks (secret scan)
6s
jscpd (duplication < 3% on touched code)
14s
SBOM (SPDX + CycloneDX)
12s
Annotations
2 warnings
|
SBOM (SPDX + CycloneDX)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: anchore/sbom-action@fc46e51fd3cb168ffb36c6d1915723c47db58abb. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
jscpd (duplication < 3% on touched code)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
sbom
|
4.01 KB |
sha256:8ceb5ac31ca3448afe12a21cc5344a60dc5637316fea94f69dc6f3e886baed2b
|
|