From 3db7d8073c6d101a49eb560270f4c8368c58dd79 Mon Sep 17 00:00:00 2001
From: Cursor Agent
Date: Thu, 18 Dec 2025 15:54:12 +0000
Subject: [PATCH] Add Shai-Hulud security scan to CI workflow
Co-authored-by: social.bs0709
---
 .github/workflows/main.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index f83c47b..448af35 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -17,9 +17,27 @@ env:
 IMAGE_NAME: ${{ github.repository_owner }}/hypebot
 jobs:
+ security-scan:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+
+ - name: Shai-Hulud Security Scan
+ uses: gensecaihq/Shai-Hulud-2.0-Detector@v2
+ with:
+ fail-on-critical: true
+ fail-on-high: false
+ fail-on-any: false
+ scan-lockfiles: true
+ scan-node-modules: false
+ output-format: text
+ working-directory: '.'
+
 test:
 if: github.event_name == 'pull_request'
 runs-on: ubuntu-latest
+ needs: security-scan
 steps:
 - name: Checkout
 uses: actions/checkout@v5
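Review bot: The new `security-scan` job runs third-party code from `gensecaihq/Shai-Hulud-2.0-Detector@v2`, which is a mutable tag, so whoever controls that repository or its tag can change what executes in this workflow. Pin it to a reviewed full commit SHA, e.g. `uses: gensecaihq/Shai-Hulud-2.0-Detector@<full-commit-sha> # v2`. The job also declares no `permissions:`, so it inherits whatever the workflow or repository default grants the GITHUB_TOKEN; a read-only scan should need no more than a job-level `permissions:` with `contents: read`, unless the action documents otherwise. Only `test` gains `needs: security-scan`, so any other jobs in this file (outside the hunk) are presumably not gated by the scan, which is worth confirming if the image build is meant to depend on it.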