
Security Pipelines


Security Gate Decision Matrix

| Gate | Condition | Pass | Fail |
|---|---|---|---|
| SAST | No critical/high findings | Continue | Block PR |
| SCA | No critical CVEs in direct dependencies | Continue | Block PR |
| Secrets | No secrets detected | Continue | Block PR |
| IaC | No critical misconfigurations | Continue | Block PR |
| License | No forbidden licenses | Continue | Block PR |
| SBOM | SBOM generated and stored | Continue | Warning only |
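The matrix above is the policy; the pipeline still needs something that reads the scanner output and applies it. The following is an added example (not code from this page or from any of the scanners it names) of a gate evaluator that takes already-normalized results and returns the per-gate verdict plus the overall decision. The `ScanResults` field names and the `FORBIDDEN_LICENSES` set are assumptions for the example; note that it implements the two distinctions the matrix makes that are easy to get wrong: only critical CVEs in direct dependencies block (a transitive critical is reported but does not fail the SCA gate), and a missing SBOM downgrades the decision to a warning rather than a block.

```python
"""Security-gate evaluator for the decision matrix (added example, not the page's own code)."""
from __future__ import annotations

from dataclasses import dataclass, field

BLOCKING_SEVERITIES = {"critical", "high"}      # SAST gate: these severities block the PR
FORBIDDEN_LICENSES = {"AGPL-3.0", "SSPL-1.0"}   # assumed policy list for the License gate, not from the page


@dataclass
class ScanResults:
    """Normalized scanner output. Field names and shapes are assumptions for this example."""
    sast_findings: list[dict] = field(default_factory=list)  # [{"severity": "high", "rule": "..."}]
    sca_vulns: list[dict] = field(default_factory=list)      # [{"severity": "critical", "direct": True, "id": "..."}]
    secrets_found: int = 0
    iac_findings: list[dict] = field(default_factory=list)   # [{"severity": "critical", "check": "..."}]
    licenses: list[str] = field(default_factory=list)        # SPDX ids seen in the dependency tree
    sbom_stored: bool = False


@dataclass
class GateResult:
    gate: str
    passed: bool
    blocking: bool   # False means the gate only warns (the SBOM row of the matrix)
    reason: str


def evaluate(results: ScanResults) -> list[GateResult]:
    """Apply each row of the decision matrix and return one GateResult per gate."""
    sast_hits = [f for f in results.sast_findings if f["severity"].lower() in BLOCKING_SEVERITIES]
    # Only critical CVEs in *direct* dependencies block; transitive ones are surfaced but do not fail the gate.
    sca_hits = [v for v in results.sca_vulns
                if v["severity"].lower() == "critical" and v.get("direct", False)]
    iac_hits = [m for m in results.iac_findings if m["severity"].lower() == "critical"]
    forbidden = sorted(set(results.licenses) & FORBIDDEN_LICENSES)
    return [
        GateResult("SAST", not sast_hits, True, f"{len(sast_hits)} critical/high finding(s)"),
        GateResult("SCA", not sca_hits, True, f"{len(sca_hits)} critical CVE(s) in direct dependencies"),
        GateResult("Secrets", results.secrets_found == 0, True, f"{results.secrets_found} secret(s) detected"),
        GateResult("IaC", not iac_hits, True, f"{len(iac_hits)} critical misconfiguration(s)"),
        GateResult("License", not forbidden, True,
                   "forbidden licenses: " + (", ".join(forbidden) or "none")),
        GateResult("SBOM", results.sbom_stored, False,
                   "SBOM generated and stored" if results.sbom_stored else "SBOM missing"),
    ]


def decide(results: ScanResults) -> tuple[str, list[str]]:
    """Collapse the gate results into the pipeline decision: 'block', 'warn' or 'continue'."""
    gates = evaluate(results)
    blockers = [g for g in gates if not g.passed and g.blocking]
    warnings = [g for g in gates if not g.passed and not g.blocking]
    if blockers:
        return "block", [f"{g.gate}: {g.reason}" for g in blockers]
    if warnings:
        return "warn", [f"{g.gate}: {g.reason}" for g in warnings]
    return "continue", []


if __name__ == "__main__":
    # Constructed sample: one transitive critical CVE (does not block) and no SBOM (warning only).
    sample = ScanResults(
        sast_findings=[{"severity": "medium", "rule": "example-rule"}],
        sca_vulns=[{"severity": "critical", "direct": False, "id": "EXAMPLE-ID"}],
        licenses=["MIT", "Apache-2.0"],
        sbom_stored=True if False else False,
    )
    print(decide(sample))  # ('warn', ['SBOM: SBOM missing'])
```

In a pipeline this would run as its own step after the scanners, with the exit code derived from the first element of `decide()`; a `warn` result is the place to emit an annotation rather than fail the job.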

GitHub Actions Workflow

```yaml
name: Security Pipeline
on: [pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - name: SAST
        id: sast
        uses: semgrep/semgrep-action@v1
        continue-on-error: true
      - name: SCA
        id: sca
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        continue-on-error: true
      - name: Secret Scanning
        id: secrets
        uses: trufflesecurity/trufflehog@main
        with:
          path: .
          base: ${{ github.event.repository.default_branch }}
          head: HEAD
      - name: Fail on Critical
        # continue-on-error makes the job status stay "success", so a plain `if: failure()`
        # would never fire for the SAST/SCA steps; check each step's own outcome instead.
        if: always() && (steps.sast.outcome == 'failure' || steps.sca.outcome == 'failure' || steps.secrets.outcome == 'failure')
        uses: actions/github-script@v7
        with:
          script: |
            core.setFailed("Security checks failed — review findings before merging")
```