1- name : Run GuardDog Scan on PRs
1+ name : GuardDog Full Security Scan
22
33on :
44 push :
@@ -10,5 +10,62 @@ permissions:
1010 contents : read
1111
1212jobs :
13- call-guarddog-scan :
14- uses : step-security/reusable-workflows/.github/workflows/guarddog.yml@release_guarddog-security
13+ guarddog :
14+ name : GuardDog - Full Scan
15+ runs-on : ubuntu-latest
16+ permissions :
17+ contents : read
18+
19+ steps :
20+ - uses : actions/checkout@v4
21+
22+ - name : Set up Python
23+ uses : actions/setup-python@v5
24+ with :
25+ python-version : " 3.10"
26+
27+ - name : Install GuardDog
28+ run : pip install guarddog
29+
30+ - name : Create custom temp directory
31+ run : mkdir -p ${{ github.workspace }}/guarddog-tmp
32+
33+ - name : Set TMPDIR
34+ run : echo "TMPDIR=${{ github.workspace }}/guarddog-tmp" >> $GITHUB_ENV
35+
36+ - name : 🐶 Local files scan
37+ id : local_scan
38+ continue-on-error : true
39+ run : |
40+ guarddog npm scan . --output-format json > guarddog_local.json 2>&1
41+ cat guarddog_local.json
42+
43+ - name : 🔍 Dependency scan (package.json)
44+ id : deps_scan
45+ continue-on-error : true
46+ run : |
47+ guarddog npm verify ./package.json --output-format json > guarddog_deps.json 2>&1
48+ cat guarddog_deps.json
49+
50+ - name : 📦 Upload GuardDog outputs
51+ uses : actions/upload-artifact@v4
52+ with :
53+ name : guarddog-results
54+ path : |
55+ guarddog_local.json
56+ guarddog_deps.json
57+
58+ - name : ❗ Final check for findings
59+ run : |
60+ local_issues=$(jq '[.results[] | select(length > 0)] | length' guarddog_local.json)
61+ dep_issues=$(jq '[.results[] | select(length > 0)] | length' guarddog_deps.json)
62+
63+ echo "Local scan findings: $local_issues"
64+ echo "Dependency scan findings: $dep_issues"
65+
66+ if [ "$local_issues" -gt 0 ] || [ "$dep_issues" -gt 0 ]; then
67+ echo "❌ GuardDog found issues"
68+ exit 1
69+ else
70+ echo "✅ GuardDog found no issues"
71+ fi
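Review bot: The new job references `actions/checkout@v4`, `actions/setup-python@v5` and `actions/upload-artifact@v4` by mutable tags and installs the scanner with an unpinned `pip install guarddog`, so the security scan itself now depends on whatever those tags and PyPI resolve to at run time (the replaced reusable workflow at least used a named release); pin each `uses:` to a full commit SHA (`uses: actions/checkout@<full-commit-sha> # v4`) and pin the package (`pip install 'guarddog==<version>'`, or `--require-hashes` from a lock file). The `2>&1` in the `local_scan` and `deps_scan` steps folds stderr into `guarddog_local.json` / `guarddog_deps.json`, so any warning or traceback (both steps are `continue-on-error: true`) corrupts the JSON and the final `jq` parse fails with an opaque error instead of reporting that the scan itself failed; send stderr elsewhere, e.g. `2> guarddog_local.err`, and fail the final step explicitly when `steps.local_scan.outcome == 'failure'`. The `jq` expression also hard-codes a `.results[]` shape, so a missing `.results` errors rather than counting zero; under GitHub's default `bash -e` run shell that still fails the step closed, but with no message saying why. The value `" 3.10"` on the `python-version` line carries a leading space if that is not a rendering artifact; it should be `"3.10"`.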