Toutsu/GmRelayBot
1
1
Fork 0
Code Issues 18 Pull Requests Actions Packages Projects Releases 85 Wiki Activity
137 Commits 61 Branches 86 Tags
105b3c59d7f8da28efc66b52dde9c650143a523e
Commit Graph

8 Commits

Author SHA1 Message Date
Toutsu 11f6b1bcc9 Merge remote-tracking branch 'origin/main' into feature/trivy-security-scan
PR Checks / test-and-build (pull_request) Successful in 5m50s
Details
2026-05-12 12:59:49 +03:00
Toutsu 06d40fdbc8 ci: add deep SAST via SecurityCodeScan Roslyn analyzer
PR Checks / security-scan (pull_request) Failing after 1m17s
Details
PR Checks / test-and-build (pull_request) Successful in 3m27s
Details 
- SecurityCodeScan.VS2019 5.6.7 injected into Directory.Build.props
  scans all C# source during every dotnet build
- HIGH/CRITICAL findings fail the build because TreatWarningsAsErrors=true
- No extra CI step needed: analyzer runs inside every build job automatically

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-12 12:45:36 +03:00
Toutsu 043ed9ce45 ci: add Trivy security scanning (SAST/SCA) to pipeline
PR Checks / security-scan (pull_request) Failing after 1m15s
Details
PR Checks / test-and-build (pull_request) Successful in 3m24s
Details 
- PR checks: filesystem scan with Trivy (vuln, secret, misconfig)
- Deploy pipeline: image scan for bot and web containers before deploy
- Scans entire repository, not filtered file subsets
- Bump version -> 1.14.0

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-12 12:42:32 +03:00
Toutsu 105a051c2f ci: install latest trivy and verify scan inputs
PR Checks / test-and-build (pull_request) Failing after 6m30s
Details 
Enable NuGet lock files so Trivy has dependency targets, fail PR checks when no lock files or language-specific files are detected, and let the installer fetch the latest Trivy release.
 2026-05-12 12:20:42 +03:00
Hermes Agent 007806a5d8 feat(ci): add C# linter and security scanner to PR checks
Deploy Telegram Bot / build-and-push (push) Successful in 24s
Details
Deploy Telegram Bot / deploy (push) Successful in 10s
Details 
- dotnet format --verify-no-changes (C# code style linting)
- dotnet list package --vulnerable --include-transitive (NuGet vulnerability check)
- Trivy filesystem scan (CVE, secrets, dependency scanning)
 2026-05-11 20:11:15 +00:00
root cad4e5c30e fix(ci): remove --no-build from dotnet test step
Deploy Telegram Bot / build-and-push (push) Successful in 21s
Details
Deploy Telegram Bot / deploy (push) Successful in 13s
Details
2026-05-06 09:52:46 +00:00
root 77647e4bb8 fix(ci): use ubuntu runner + setup-dotnet instead of container image
Deploy Telegram Bot / build-and-push (push) Successful in 19s
Details
Deploy Telegram Bot / deploy (push) Successful in 13s
Details
2026-05-06 09:46:52 +00:00
root 17c631aef2 ci: add PR checks workflow — test + build, no publish
Deploy Telegram Bot / build-and-push (push) Successful in 21s
Details
Deploy Telegram Bot / deploy (push) Successful in 10s
Details
2026-05-06 09:40:11 +00:00