
ci: establish automated security and dependency scanning workflow #4850

Merged
JhaSourav07 merged 3 commits into JhaSourav07:main from basantnema31:fix-ci-security
Jun 11, 2026

Conversation

@basantnema31


Resolves #4780. This PR adds a comprehensive security CI workflow to the repository. It introduces Dependabot configuration for NPM and GitHub Actions, integrates CodeQL for static application security testing, and adds an NPM audit step to the existing CI pipeline.
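The PR does not show its workflow file in this thread, so the following is an added illustration of the shape such a pipeline usually takes; it is not the code from this PR or from the CommitPulse project, and the file name, job names, cron schedule and Node version are assumptions. It shows the three pieces the description names: an npm audit step that blocks on high or critical advisories, a CodeQL job with the minimal token scopes it needs, and a read-only default permission block so neither job holds more access than it uses.

```yaml
# .github/workflows/security.yml  (hypothetical path, not the PR's actual file)
name: security-scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    # Weekly run so newly published advisories are caught even when no commit lands.
    - cron: "0 6 * * 1"

# Default the GITHUB_TOKEN to read-only; each job requests only what it needs.
permissions:
  contents: read

jobs:
  npm-audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20       # assumed; match the project's engines field
          cache: npm
      # npm ci installs exactly what package-lock.json pins, so the audit reflects
      # the tree that ships. --ignore-scripts keeps install-time lifecycle scripts
      # of third-party packages from running in CI.
      - run: npm ci --ignore-scripts
      # Exit non-zero only for high/critical advisories; lower severities are
      # still listed in the log but do not block the merge.
      - run: npm audit --audit-level=high

  codeql:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # required to upload SARIF results to the Security tab
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript-typescript
      - uses: github/codeql-action/analyze@v3
```

The Dependabot half of the PR lives in a separate `.github/dependabot.yml` with one `updates` entry per ecosystem (`package-ecosystem: npm` and `package-ecosystem: github-actions`), which is what keeps the action references above, and the npm lockfile, on a regular update cadence. If a dependency legitimately needs a postinstall script to build, drop `--ignore-scripts` for that job rather than for the whole pipeline, and treat the `--audit-level` threshold as a policy decision: raising it to `critical` reduces noise, lowering it to `moderate` catches more but will block merges on advisories that may not be exploitable in this codebase.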

@vercel

vercel Bot commented Jun 7, 2026

Contributor

Someone is attempting to deploy a commit to the jhasourav07's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-advanced-security


You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@github-actions github-actions Bot added the status:blocked This PR is blocked due to a failing CI check. label Jun 7, 2026
@github-actions

github-actions Bot commented Jun 7, 2026

Contributor

🚨 Hey @basantnema31, the CI Pipeline is failing on this PR and it has been marked as status:blocked.

Please fix the issues before this can be reviewed. Here's how:

1. Run checks locally before pushing:

npm run format:check   # Check Prettier formatting
npm run lint           # Run ESLint
npm run typecheck      # TypeScript type check
npm run test           # Run unit tests (Vitest)
npm run build          # Verify production build passes

2. Auto-fix common issues:

npm run format         # Auto-fix formatting with Prettier
npm run lint -- --fix  # Auto-fix lint errors where possible

3. Check the full failure log here:
👉 View CI Run

Once you push a fix and the CI passes, the status:blocked label will be removed automatically. 💪

@github-actions github-actions Bot added type:devops CI/CD pipelines, workflows, dev scripts, and config and removed status:blocked This PR is blocked due to a failing CI check. labels Jun 7, 2026
@Aamod-Dev Aamod-Dev added level:advanced Complex contributions involving architecture, optimization, or significant feature work quality:clean PR follows clean coding practices, proper formatting, documentation, and maintainability standards. GSSoC 2026 mentor:Aamod007 labels Jun 11, 2026

@Aamod-Dev Aamod-Dev left a comment

Collaborator


Excellent addition to our CI! An automated security and dependency scanning workflow will help us catch vulnerabilities early before they reach production. Approving!

@basantnema31 basantnema31 requested a review from Aamod-Dev June 11, 2026 13:05
@JhaSourav07 JhaSourav07 added the gssoc:approved PR has been reviewed and accepted for valid contribution points label Jun 11, 2026
@JhaSourav07 JhaSourav07 merged commit d3438d1 into JhaSourav07:main Jun 11, 2026
5 of 6 checks passed
@github-actions github-actions Bot added this to the GSSoC 2026 milestone Jun 11, 2026
@github-actions

Contributor

🎉 Congratulations @basantnema31! Your PR has been successfully merged. 🚀

Thank you for contributing to CommitPulse. Your work helps us build a better tool for the community.

⚠️ Important for GSSoC Contributors:
You are strictly advised to join our Discord Server as it is mandatory for all GSSoC participants. All important announcements, point claims, and community discussions happen there.

Keep building! 💻✨

@JhaSourav07 JhaSourav07 added gssoc:approved PR has been reviewed and accepted for valid contribution points and removed gssoc:approved PR has been reviewed and accepted for valid contribution points labels Jun 17, 2026


Development

Successfully merging this pull request may close these issues.

CRITICAL: Establish Automated CI Workflow for Security and Dependency Scanning

4 participants