- Add nullable annotations across discovery interfaces, dynamic query models, and filter/aggregate types to eliminate CS8600-series warnings
- Replace unsafe cast in DynamicQueryHandlerBase with pattern match
- Add CI workflow (build --warnaserror + test on JP branch)
- Add weekly security vulnerability scan workflow
- Extend .gitignore with secret/credential patterns (.env, *.key, secrets/, credentials.json)

Co-Authored-By: Svrnty Inc. <eng@svrnty.com>
28 lines
550 B
YAML
```yaml
name: Security

on:
  push:
    branches: [JP]
  pull_request:
    branches: [JP]
  schedule:
    - cron: "0 6 * * 1" # Weekly on Monday at 06:00 UTC

jobs:
  vulnerability-scan:
    name: .NET vulnerability scan
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-dotnet@v4
        with:
          dotnet-version: "10.0.x"

      - name: Restore dependencies
        run: dotnet restore

      - name: Check for vulnerable packages
        run: dotnet list package --vulnerable --include-transitive
```