security-workflows

JonKazama-Hellion/security-workflows

Fork 0

Commit Graph

Author	SHA1	Message	Date
JonKazama-Hellion	c9a8000a84	Replace aquasecurity/trivy-action with direct install The Trivy GitHub Action wrapper does nested checkouts and auth-juggling that breaks on Self-Hosted Gitea Actions: 'Failure - Main Checkout install script' on the first HellionChat run. Switching to the upstream install.sh + plain `trivy fs` invocation has a smaller surface and removes the action-internal git clone dance entirely.	2026-05-09 11:49:14 +02:00
JonKazama-Hellion	61dd7bf214	Initial reusable security-scan workflow Semgrep SAST + Trivy filesystem scan, runs in parallel. Either job failing fails the calling workflow. Inputs: - severity (Trivy threshold, default CRITICAL,HIGH) - semgrep-config (rule pack, default auto)	2026-05-09 11:20:11 +02:00

Author

SHA1

Message

Date

JonKazama-Hellion

c9a8000a84

Replace aquasecurity/trivy-action with direct install

The Trivy GitHub Action wrapper does nested checkouts and auth-juggling
that breaks on Self-Hosted Gitea Actions: 'Failure - Main Checkout
install script' on the first HellionChat run. Switching to the
upstream install.sh + plain `trivy fs` invocation has a smaller
surface and removes the action-internal git clone dance entirely.

2026-05-09 11:49:14 +02:00

JonKazama-Hellion

61dd7bf214

Initial reusable security-scan workflow

Semgrep SAST + Trivy filesystem scan, runs in parallel.
Either job failing fails the calling workflow.

Inputs:
- severity (Trivy threshold, default CRITICAL,HIGH)
- semgrep-config (rule pack, default auto)

2026-05-09 11:20:11 +02:00

2 Commits