ci: add automated dependency vulnerability scanning #65

Merged
pook merged 1 commit from feature/dependency-audit-ci into main 2026-04-09 06:14:06 -04:00
Summary

  • Adds .gitea/workflows/dependency-audit.yml CI workflow that runs npm audit on PRs, on pushes to main, and on a weekly schedule
  • High/critical vulnerabilities fail the build (blocking)
  • Low/moderate vulnerabilities produce warnings only (non-blocking)
  • Generates a temporary package-lock.json since the project uses bun.lock
  • Includes inline comments explaining how to resolve audit findings (npm audit fix, overrides, exception documentation)

Test plan

  • Verify workflow triggers on PR to main
  • Confirm high/critical vulns cause CI failure
  • Confirm low/moderate vulns produce warnings without blocking
  • Validate weekly schedule cron fires correctly

🤖 Generated with Claude Code

Closes #64

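Added example, not the workflow file from this PR: a Python gate that applies the severity policy from the summary to `npm audit --json` output (npm 7+ report format, where totals sit in `metadata.vulnerabilities`), run here over a constructed sample report; `main()` also shows generating the throwaway `package-lock.json` with `npm install --package-lock-only`. The package names, version ranges and the `gate_audit`/`main` names are assumptions.

```python
import json
import subprocess
import sys

BLOCKING = ("high", "critical")  # fail the build
ADVISORY = ("low", "moderate")   # warn only

def gate_audit(report_json: str) -> tuple[int, list[str]]:
    """Map an `npm audit --json` report to (exit_code, messages); 1 if any high/critical."""
    report = json.loads(report_json)
    counts = report.get("metadata", {}).get("vulnerabilities", {})  # severity totals
    messages = []
    for name, vuln in sorted(report.get("vulnerabilities", {}).items()):
        sev = vuln.get("severity", "unknown")
        tag = "ERROR" if sev in BLOCKING else "WARN"
        messages.append(f"{tag}: {name} {vuln.get('range', '')} ({sev})")
    advisory = sum(counts.get(level, 0) for level in ADVISORY)
    blocking = sum(counts.get(level, 0) for level in BLOCKING)
    if advisory:
        messages.append(f"{advisory} low/moderate finding(s): non-blocking")
    if blocking:
        messages.append(f"{blocking} high/critical finding(s): failing build; "
                        "fix via `npm audit fix`, an override, or a documented exception")
        return 1, messages
    return 0, messages

# Constructed sample report; package names and ranges are made up.
SAMPLE_REPORT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "example-a": {"name": "example-a", "severity": "moderate", "range": "<1.2.0"},
        "example-b": {"name": "example-b", "severity": "high", "range": "<2.0.1"},
    },
    "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 1,
                                     "high": 1, "critical": 0, "total": 2}},
})

def main() -> int:
    # Project ships bun.lock only: build a throwaway package-lock.json for npm
    # without installing packages or running lifecycle scripts.
    subprocess.run(["npm", "install", "--package-lock-only", "--ignore-scripts"], check=True)
    # npm audit exits non-zero whenever it finds anything; gate on the parsed report instead.
    proc = subprocess.run(["npm", "audit", "--json"], capture_output=True, text=True)
    code, messages = gate_audit(proc.stdout)
    print("\n".join(messages))
    return code

if __name__ == "__main__":
    sys.exit(main())
```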
ci: add automated dependency vulnerability scanning
Some checks failed
agent-worker/pr-tests Running PR tests...
Dependency Vulnerability Audit / npm audit (pull_request) Has been cancelled
3618b77138
Add npm audit step to CI that fails on high/critical vulnerabilities
and warns on low/moderate ones. Runs on PRs, pushes to main, and
weekly schedule. Includes inline guidance for resolving findings.

Since the project uses bun.lock, the workflow generates a temporary
package-lock.json for npm audit compatibility.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

⚠️ No Test Suite Detected

Commit: 3618b771

No test script found in package.json. Add a test script to enable automated testing.

pook merged commit 6a9b2110ac into main 2026-04-09 06:14:06 -04:00
Reference
pook/compliancebot!65