oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 7 Packages Projects Releases Wiki Activity
Files
11287056e914270cb185c23c04efc8f32565d9a8
aitbc/.gitea/workflows/security-scanning.yml
aitbc1 11287056e9
Some checks failed
Documentation Validation / validate-docs (push) Waiting to run
Details
API Endpoint Tests / test-api-endpoints (push) Successful in 44s
Details
CLI Tests / test-cli (push) Successful in 1m18s
Details
JavaScript SDK Tests / test-js-sdk (push) Successful in 27s
Details
Integration Tests / test-service-integration (push) Successful in 59s
Details
Package Tests / test-python-packages (map[name:aitbc-core path:packages/py/aitbc-core]) (push) Successful in 29s
Details
Systemd Sync / sync-systemd (push) Has been cancelled
Details
Package Tests / test-python-packages (map[name:aitbc-agent-sdk path:packages/py/aitbc-agent-sdk]) (push) Successful in 1m5s
Details
Package Tests / test-python-packages (map[name:aitbc-crypto path:packages/py/aitbc-crypto]) (push) Successful in 44s
Details
Package Tests / test-python-packages (map[name:aitbc-sdk path:packages/py/aitbc-sdk]) (push) Successful in 36s
Details
Package Tests / test-javascript-packages (map[name:aitbc-sdk-js path:packages/js/aitbc-sdk]) (push) Successful in 22s
Details
Package Tests / test-javascript-packages (map[name:aitbc-token path:packages/solidity/aitbc-token]) (push) Successful in 1m3s
Details
Python Tests / test-python (push) Successful in 1m34s
Details
Smart Contract Tests / test-solidity (map[name:aitbc-token path:packages/solidity/aitbc-token]) (push) Successful in 42s
Details
Security Scanning / security-scan (push) Successful in 1m31s
Details
Smart Contract Tests / test-solidity (map[name:zk-circuits path:apps/zk-circuits]) (push) Successful in 50s
Details
Smart Contract Tests / lint-solidity (push) Successful in 1m6s
Details
Rust ZK Components Tests / test-rust-zk (push) Failing after 11m34s
Details
ci: update all workflows to use standardized AITBC directory structure 
- Ensure standard directories exist in all CI workflows:
  - /var/lib/aitbc/data - Blockchain database files
  - /var/lib/aitbc/keystore - Wallet credentials
  - /etc/aitbc/ - Configuration files
  - /var/log/aitbc/ - Service logs

- Updated workflows:
  - python-tests.yml
  - integration-tests.yml
  - api-endpoint-tests.yml
  - security-scanning.yml
  - systemd-sync.yml
  - docs-validation.yml
  - package-tests.yml
  - smart-contract-tests.yml
  - js-sdk-tests.yml
  - rust-zk-tests.yml
  - cli-level1-tests.yml

This aligns CI/CD with the multi-node blockchain deployment workflow
and ensures consistent directory structure across all environments.
2026-03-29 14:37:18 +02:00

77 lines
2.6 KiB
YAML
Raw Blame History

name: Security Scanning
on:
push:
branches: [main, develop]
paths:
- 'apps/**'
- 'packages/**'
- 'cli/**'
- '.gitea/workflows/security-scanning.yml'
pull_request:
branches: [main, develop]
schedule:
- cron: '0 3 * * 1'
workflow_dispatch:
concurrency:
group: security-scanning-${{ github.ref }}
cancel-in-progress: true
jobs:
security-scan:
runs-on: debian
timeout-minutes: 15
steps:
- name: Clone repository
run: |
WORKSPACE="/var/lib/aitbc-workspaces/security-scan"
rm -rf "$WORKSPACE"
mkdir -p "$WORKSPACE"
cd "$WORKSPACE"
git clone --depth 1 http://gitea.bubuit.net:3000/oib/aitbc.git repo
- name: Setup tools
run: |
cd /var/lib/aitbc-workspaces/security-scan/repo
# Ensure standard directories exist
mkdir -p /var/lib/aitbc/data /var/lib/aitbc/keystore /etc/aitbc /var/log/aitbc
python3 -m venv venv
source venv/bin/activate
pip install -q bandit safety pip-audit
echo "✅ Security tools installed"
- name: Python dependency audit
run: |
cd /var/lib/aitbc-workspaces/security-scan/repo
source venv/bin/activate
echo "=== Dependency Audit ==="
pip-audit -r requirements.txt --desc 2>/dev/null || echo "⚠️ Some vulnerabilities found"
echo "✅ Dependency audit completed"
- name: Bandit security scan
run: |
cd /var/lib/aitbc-workspaces/security-scan/repo
source venv/bin/activate
echo "=== Bandit Security Scan ==="
bandit -r apps/ packages/py/ cli/ \
-s B101,B311 \
--severity-level medium \
-f txt -q 2>/dev/null || echo "⚠️ Bandit findings"
echo "✅ Bandit scan completed"
- name: Check for secrets
run: |
cd /var/lib/aitbc-workspaces/security-scan/repo
echo "=== Secret Detection ==="
# Simple pattern check for leaked secrets
grep -rn "PRIVATE_KEY\s*=\s*['\"]" apps/ packages/ cli/ 2>/dev/null | grep -v "example\|test\|mock\|dummy" && echo "⚠️ Possible secrets found" || echo "✅ No secrets detected"
grep -rn "password\s*=\s*['\"][^'\"]*['\"]" apps/ packages/ cli/ 2>/dev/null | grep -v "example\|test\|mock\|dummy\|placeholder" | head -5 && echo "⚠️ Possible hardcoded passwords" || echo "✅ No hardcoded passwords"
- name: Cleanup
if: always()
run: rm -rf /var/lib/aitbc-workspaces/security-scan
Reference in New Issue View Git Blame Copy Permalink