diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 0000000..67570c1
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,28 @@
+name: Security
+
+on: push
+
+jobs:
+ security:
+ name: Snyk
+ runs-on: ubuntu-latest
+
+ permissions:
+ security-events: write
+
+ steps:
+ - name: Repository checkout
+ uses: actions/checkout@v4.1.7
+
+ - continue-on-error: true
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ name: Snyk vulnerabilities scan
+ uses: snyk/actions/node@0.4.0
+ with:
+ args: --sarif-file-output=snyk.sarif
+
+ - name: SARIF upload to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v3.26.8
+ with:
+ sarif_file: snyk.sarif
diff --git a/README.md b/README.md
index 9da3a15..0f8f789 100644
--- a/README.md
+++ b/README.md
@@ -2,5 +2,6 @@ [![Continuous integration (CI)](https://github.com/Stassi/leaf/actions/workflows/continuous-integration.yml/badge.svg)](https://github.com/Stassi/leaf/actions/workflows/continuous-integration.yml) [![Continuous delivery (CD)](https://github.com/Stassi/leaf/actions/workflows/continuous-delivery.yml/badge.svg)](https://github.com/Stassi/leaf/actions/workflows/continuous-delivery.yml) +[![Security](https://github.com/Stassi/leaf/actions/workflows/security.yml/badge.svg)](https://github.com/Stassi/leaf/actions/workflows/security.yml) Leaflet adapter.
diff --git a/package-lock.json b/package-lock.json
index 841892e..37ca41c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@ { "name": "@stassi/leaf", - "version": "0.0.25", + "version": "0.0.26", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@stassi/leaf", - "version": "0.0.25", + "version": "0.0.26", "cpu": [ "arm64", "x64"
diff --git a/package.json b/package.json
index 3490961..3756e82 100644
--- a/package.json
+++ b/package.json
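Review bot: In `.github/workflows/security.yml` the Snyk step passes `SNYK_TOKEN` to `snyk/actions/node@0.4.0`, which is referenced by a tag the publisher can move, so this file does not fix which code receives the secret; the `actions/checkout@v4.1.7` and `github/codeql-action/upload-sarif@v3.26.8` lines have the same property. Pin each `uses:` to the full commit SHA and keep the tag as a trailing comment, e.g. `uses: snyk/actions/node@<FULL_COMMIT_SHA> # 0.4.0`. Separately, the job-level `permissions:` block lists only `security-events: write`, which sets every unlisted scope to none; adding `contents: read` keeps the checkout step working if the repository is ever private. `continue-on-error: true` lets the SARIF upload run when Snyk reports findings, but it also hides a scan that failed to start, so a short comment on that step stating the intent would help.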
@@ -1,6 +1,6 @@
 {
 "name": "@stassi/leaf",
- "version": "0.0.25",
+ "version": "0.0.26",
 "description": "Leaflet adapter.",
 "keywords": [
 "cartography",