- Added YAML frontmatter to all 8 polish-* skills and sweep skill so Claude can auto-invoke them
- New bitcoin-conventions skill with PROUX UX methodology, sats display, address validation, Tor preferences, Lightning patterns
- Path-specific rules for containers (security hardening) and frontend (Vue/glassmorphism conventions)
- Gitea Actions: nightly security review and weekly dependency audit

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
30 lines
844 B
YAML
```yaml
name: Weekly Dependency Audit

on:
  schedule:
    # Every Sunday at 02:13
    - cron: '13 2 * * 0'
  workflow_dispatch:

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Rust dependency audit
        run: |
          cargo install cargo-audit 2>/dev/null || true
          echo "=== Cargo Audit ==="
          # Keep this step green; the next step decides pass/fail from cargo-audit.txt
          cargo audit 2>&1 | tee cargo-audit.txt || true

          echo ""
          echo "=== Version Pinning Check ==="
          grep -n '"\*"' Cargo.toml || echo "No wildcard versions found"

      - name: Check for critical vulnerabilities
        run: |
          # cargo audit's summary reads "1 vulnerability found!" or "N vulnerabilities found!"; match both forms
          if grep -qi "RUSTSEC.*critical\|vulnerabilit\(y\|ies\) found" cargo-audit.txt 2>/dev/null; then
            echo "::error::Critical Rust dependency vulnerabilities found"
            exit 1
          fi
          echo "No critical vulnerabilities detected"
```
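An added example, not part of the repository's workflow: a gate for the `cargo-audit.txt` report that matches both the singular and plural summary lines and fails closed when no usable report was produced. The function names, exit-code convention and sample reports are constructed for illustration, and the "Scanning" status line is assumed from cargo-audit's text output.

```shell
#!/usr/bin/env bash
# Added example (not from the repository). Sample reports are constructed.

# audit_gate REPORT -> 0 clean, 1 vulnerabilities reported, 2 no usable report
audit_gate() {
  local report="$1" count
  # Fail closed: a missing or empty report means the audit step never ran.
  [ -s "$report" ] || return 2
  # Summary reads "1 vulnerability found!" or "N vulnerabilities found!".
  count=$(grep -Eio '[0-9]+ vulnerabilit(y|ies) found' "$report" | head -n1 | cut -d' ' -f1) || true
  if [ -n "$count" ]; then
    echo "::error::cargo audit reported $count vulnerabilities"
    return 1
  fi
  # Assumption: a run that reached the lockfile prints a "Scanning ..." status line.
  grep -q 'Scanning .* for vulnerabilities' "$report" || return 2
  return 0
}

# Constructed reports: clean run, one finding, several findings, tool not installed.
write_samples() {
  local d="$1"
  local scan='    Scanning Cargo.lock for vulnerabilities (212 crate dependencies)'
  printf '%s\n' "$scan" > "$d/clean.txt"
  printf '%s\n' "$scan" 'error: 1 vulnerability found!' > "$d/one.txt"
  printf '%s\n' "$scan" 'error: 3 vulnerabilities found!' > "$d/many.txt"
  printf '%s\n' 'error: no such command: `audit`' > "$d/notool.txt"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in clean one many notool; do
  rc=0
  audit_gate "$demo_dir/$f.txt" >/dev/null || rc=$?
  echo "$f.txt -> exit $rc"
done
rm -rf "$demo_dir"
```

In a workflow step, exit codes 1 and 2 would both fail the job, so an audit that never ran is not reported as a clean result.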