
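---
# Security Scan: a dependency vulnerability audit plus two secrets scanners.
# Triggered by pushes to main and by pull requests targeting main.
name: Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for the automatic GITHUB_TOKEN. Nothing in this workflow
# writes to the repository; a job that needs an additional read scope
# requests it explicitly in its own `permissions` block.
permissions:
  contents: read

jobs:
  # Dependency vulnerability audit
  dependency-audit:
    name: Dependency Audit
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Use Node.js 20.x
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'

      # --ignore-scripts: the audit needs the resolved dependency tree, not the
      # packages' install hooks. Running lifecycle scripts would let any
      # transitive dependency execute arbitrary code on a runner that holds
      # GITHUB_TOKEN and the repository checkout.
      - name: Install dependencies
        run: npm ci --ignore-scripts

      # Gate: this step fails the job on any high or critical advisory. With
      # `continue-on-error: true` here the workflow could only ever report and
      # would never block a merge. Re-add it deliberately if the team wants an
      # advisory-only audit.
      - name: Run npm audit
        run: npm audit --audit-level=high

      # `if: always()` so the machine-readable report is still produced when
      # the gate above has failed; `|| true` because a non-zero exit from
      # `npm audit --json` is the expected case when findings exist.
      - name: Run npm audit (JSON output)
        if: always()
        run: npm audit --json > audit-report.json || true

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: npm-audit-report
          path: audit-report.json
          retention-days: 30

  # Secrets and sensitive information detection
  secrets-scan:
    name: Secrets Detection
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
      contents: read
      # gitleaks-action uses GITHUB_TOKEN against the GitHub API on
      # pull_request events; confirm the exact scopes it needs against the
      # action's documentation and trim this if it is not required.
      pull-requests: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Full history so a secret committed and later removed is still found

      - name: Run Gitleaks
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # TODO(review): pin this action to a release tag or, better, a full
      # commit SHA. `@main` is a mutable branch, so whatever is pushed there
      # runs here with the repository checkout and GITHUB_TOKEN.
      #
      # --only-verified: a reported finding is a credential that TruffleHog
      # confirmed live against its provider, so a hit is a real leak and the
      # step must fail the job rather than be tolerated with
      # `continue-on-error`. Be aware that verification sends each candidate
      # secret to the corresponding provider from the runner.
      - name: Run TruffleHog (OSS)
        uses: trufflesecurity/trufflehog@main
        with:
          extra_args: --only-verified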