mirror of
https://github.com/we-promise/sure.git
synced 2026-04-09 15:24:48 +00:00
1ddc427fd5
* chore(helm): bump pipelock to v2.0.0 with trusted domains and redirect profiles - Bump pipelock image tag from 1.5.0 to 2.0.0 - Add first-class Helm values for trustedDomains and mcpToolPolicy.redirectProfiles - Update CI GitHub Action from @v1 to @v2 - Update compose example, config reference, and docs with v2.0 features * Releasing this today in `alpha` form --------- Co-authored-by: Juan José Mata <jjmata@jjmata.com>
28 lines
554 B
YAML
28 lines
554 B
YAML
name: Pipelock Security Scan
|
|
|
|
on:
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
security-scan:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: Pipelock Scan
|
|
uses: luckyPipewrench/pipelock@v2
|
|
with:
|
|
scan-diff: 'true'
|
|
fail-on-findings: 'true'
|
|
test-vectors: 'false'
|
|
exclude-paths: |
|
|
config/locales/views/reports/
|
|
docs/hosting/ai.md
|