
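# Security scanning workflow: CodeQL (JavaScript + Python), Bandit (Python,
# reported as SARIF to code scanning) and a dependency/licence review on PRs.
# Runs on manual dispatch or on pull requests against master that touch
# Python/JavaScript sources or pyproject.toml.
name: Scans

on:
  workflow_dispatch:
  pull_request:
    branches: [master]
    paths:
      - "**/*.py"
      - "**/*.js"
      - pyproject.toml

# Least privilege: make the GITHUB_TOKEN read-only by default so the workflow
# does not depend on the repository's default token setting; each job below
# adds only the scopes its own upload/comment needs.
permissions:
  contents: read

# NOTE(review): actions are referenced by major-version tag; pinning to a full
# commit SHA hardens against tag moves. github/codeql-action@v2 is superseded
# by v3 upstream — confirm and bump when convenient.
jobs:
  codeql:
    name: "CodeQL"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write  # codeql-action needs this to publish results
      actions: read  # lets codeql-action read workflow run status on private repos
    steps:
      - name: "Checkout repository"
        uses: actions/checkout@v4
      - name: "Initialize CodeQL"
        uses: github/codeql-action/init@v2
        with:
          languages: javascript,python
      - name: "Perform CodeQL analysis"
        uses: github/codeql-action/analyze@v2

  bandit:
    name: "Bandit"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write  # required by upload-sarif
    steps:
      - name: "Checkout repository"
        uses: actions/checkout@v4
      - name: "Install bandit"
        run: pip install bandit[toml] bandit-sarif-formatter
      - name: "Run bandit"
        run: bandit -c pyproject.toml -f sarif -o bandit.sarif -r .
      # bandit exits non-zero when it finds issues — exactly when the report
      # matters. Without a condition the upload step would be skipped on
      # findings; run it unless the job was cancelled so results still reach
      # code scanning while the job itself keeps failing.
      - name: "Upload bandit analysis"
        if: ${{ !cancelled() }}
        uses: github/codeql-action/upload-sarif@v2
        with:
          category: bandit
          sarif_file: bandit.sarif

  dependency-review:
    name: "Dependencies"
    runs-on: ubuntu-latest
    # The action diffs the PR base and head refs, so it only makes sense on PRs.
    if: github.event_name == 'pull_request'
    permissions:
      contents: read
      pull-requests: write  # needed for comment-summary-in-pr
    steps:
      - name: "Checkout repository"
        uses: actions/checkout@v4
      - name: "Review dependencies"
        uses: actions/dependency-review-action@v3
        with:
          fail-on-severity: high
          comment-summary-in-pr: on-failure
          # Comma-separated SPDX identifiers; folded scalar keeps the list
          # readable while the action receives a single line.
          deny-licenses: >-
            AGPL-3.0-only,
            AGPL-3.0-or-later,
            GPL-2.0-only,
            GPL-2.0-or-later,
            GPL-3.0-only,
            GPL-3.0-or-later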