Add automated security review on new pull requests to strengthen early detection of potential vulnerabilities. Leverage Claude to help identify security issues and highlight areas requiring special attention.
# /!\
|
|
# Security Note: This action is not hardened against prompt injection attacks and should only be used
|
|
# to review trusted PRs. Configure your repository with "Require approval for all external contributors"
|
|
# to ensure workflows only run after a maintainer has reviewed the PR.
|
|
name: Security Review
|
|
|
|
permissions:
|
|
pull-requests: write # Needed for leaving PR comments
|
|
contents: read
|
|
|
|
on:
|
|
pull_request:
|
|
branches:
|
|
- 'main'
|
|
|
|
jobs:
|
|
security:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
fetch-depth: 2
|
|
|
|
- uses: anthropics/claude-code-security-review@0c6a49f1fa56a1d472575da86a94dbc1edb78eda
|
|
with:
|
|
comment-pr: true
|
|
exclude-directories: docs,gitlint,LICENSES,bin
|
|
claude-api-key: ${{ secrets.CLAUDE_API_KEY }}
|
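Review bot: The `security` job is triggered by `pull_request`, and for PRs opened from forks GitHub does not pass repository secrets to `pull_request` runs and issues a read-only token, so `claude-api-key: ${{ secrets.CLAUDE_API_KEY }}` arrives empty and `comment-pr: true` cannot post; the review step then fails on external contributions rather than being skipped. If same-repo branches are the intended scope, state that in the header comment and guard the review step with `if: github.event.pull_request.head.repo.full_name == github.repository` so fork PRs skip it cleanly. The "Require approval for all external contributors" setting the header recommends controls when fork workflows run, but it does not by itself expose the secret to them. Separately, `actions/checkout@v6` is pinned by tag while the review action is pinned to a full commit SHA; pinning checkout the same way (`uses: actions/checkout@<commit-sha> # v6`) keeps the supply-chain posture consistent across the two steps.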