# Vulnerability Scanning

Automated security scanning for the Gauzy codebase.
## Dependency Scanning

### npm/Yarn Audit

```bash
# Check the lockfile for dependencies with known advisories
yarn audit

# Yarn 1.x has no `audit fix` subcommand. npm can attempt automatic
# upgrades; otherwise bump the affected package manually and re-run the audit.
npm audit fix
```
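`yarn audit` exits non-zero whenever it finds anything, including low-severity advisories, so a CI job that wants the same "fail on high or above" behaviour as the Snyk step needs to read the audit output itself. The script below is an added example, not part of the Gauzy repository: it parses the newline-delimited JSON that `yarn audit --json` prints (one `auditAdvisory` record per vulnerable path, then one `auditSummary`), deduplicates advisories that are reachable through several paths, and returns those at or above a chosen severity. The `SAMPLE` stream, its package names, advisory ids and titles are constructed for the example.

```python
"""Gate a CI job on `yarn audit --json` output at a chosen severity.

Usage: yarn audit --json | python audit_gate.py [threshold]
With no stdin data the constructed SAMPLE below is used.
"""
import json
import sys

SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}


def parse_advisories(ndjson_text):
    """Yield the advisory objects from yarn audit --json (one JSON object per line)."""
    for line in ndjson_text.splitlines():
        line = line.strip()
        if not line:
            continue
        record = json.loads(line)
        if record.get("type") == "auditAdvisory":
            yield record["data"]["advisory"]


def findings_at_or_above(ndjson_text, threshold="high"):
    """Return advisories whose severity meets `threshold`, deduplicated by advisory id.

    The same advisory is reported once per dependency path, so a single
    vulnerable transitive package can appear many times in the raw stream.
    """
    floor = SEVERITY_RANK[threshold]
    seen = {}
    for adv in parse_advisories(ndjson_text):
        rank = SEVERITY_RANK.get(adv.get("severity", "info"), 0)
        if rank >= floor and adv["id"] not in seen:
            seen[adv["id"]] = {
                "id": adv["id"],
                "module": adv["module_name"],
                "severity": adv["severity"],
                "title": adv["title"],
                "patched": adv.get("patched_versions") or "<no patch>",
            }
    # Highest severity first so the most important finding is printed at the top
    return sorted(seen.values(), key=lambda f: -SEVERITY_RANK[f["severity"]])


def _advisory_line(adv_id, module, severity, title, patched, path):
    """Build one constructed auditAdvisory record in yarn's ndjson shape."""
    return json.dumps({
        "type": "auditAdvisory",
        "data": {
            "resolution": {"id": adv_id, "path": path, "dev": False},
            "advisory": {
                "id": adv_id,
                "module_name": module,
                "severity": severity,
                "title": title,
                "patched_versions": patched,
            },
        },
    })


# Constructed sample: one high advisory reachable via two paths, one low advisory.
SAMPLE = "\n".join([
    _advisory_line(1001, "example-pkg-a", "high", "Prototype pollution (constructed)",
                   ">=1.2.3", "example-app>example-pkg-a"),
    _advisory_line(1001, "example-pkg-a", "high", "Prototype pollution (constructed)",
                   ">=1.2.3", "example-app>example-pkg-b>example-pkg-a"),
    _advisory_line(1002, "example-pkg-c", "low", "ReDoS (constructed)",
                   "<0.0.0", "example-app>example-pkg-c"),
    json.dumps({"type": "auditSummary", "data": {"vulnerabilities": {"high": 2, "low": 1}}}),
])


def main(argv):
    threshold = argv[1] if len(argv) > 1 else "high"
    text = sys.stdin.read() if not sys.stdin.isatty() else ""
    hits = findings_at_or_above(text or SAMPLE, threshold)
    for f in hits:
        print(f"{f['severity'].upper():8} {f['module']} (advisory {f['id']}): "
              f"{f['title']} - patched in {f['patched']}")
    # Non-zero exit fails the CI step only when the threshold is met
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The exit code is the only contract with CI: pipe `yarn audit --json` into the script and let the job fail on a `1`. Dropping the dedup step would make a single vulnerable transitive package look like a dozen separate findings, which is the usual reason raw audit output gets ignored.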
### Snyk

```bash
# Install Snyk
npm install -g snyk
# Test for vulnerabilities (requires `snyk auth` or a SNYK_TOKEN in the environment)
snyk test
# Monitor project: snapshot the dependency tree so Snyk alerts on new advisories
snyk monitor
```
## Container Scanning

### Trivy

```bash
# Scan Docker image
trivy image ghcr.io/ever-co/gauzy-api:latest
# Scan filesystem (lockfiles and source in the current directory)
trivy fs .
```
## GitHub Security

Enable GitHub vulnerability alerts:

- Repository Settings → Code security and analysis
- Enable Dependabot alerts
- Enable Dependabot security updates
- Enable Code scanning with CodeQL
## CI/CD Integration

```yaml
# Steps inside a GitHub Actions job
- name: Security Scan
  uses: snyk/actions/node@master
  with:
    args: --severity-threshold=high
  env:
    SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Container Scan
  uses: aquasecurity/trivy-action@master
  with:
    image-ref: ghcr.io/ever-co/gauzy-api:latest
    severity: CRITICAL,HIGH
```
## Scan Schedule

| Type | Frequency | Tool |
|---|---|---|
| Dependency audit | Daily | Dependabot |
| Container scan | Per build | Trivy |
| SAST | Per PR | CodeQL |
| Secrets detection | Per commit | GitLeaks |
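The two steps above and the schedule table only make sense once they sit in a workflow with triggers and permissions. The following workflow file is an added example and not the repository's own configuration: the file path, the `develop` branch name and the 03:00 UTC cron are assumptions, and the Trivy job is set to fail on unpatched CRITICAL/HIGH findings while still uploading SARIF so results show up under Code scanning alongside CodeQL.

```yaml
# .github/workflows/security-scan.yml (added example; path and branch are assumed)
name: Security scan

on:
  pull_request:
  push:
    branches: [develop]           # assumed main development branch
  schedule:
    - cron: "0 3 * * *"           # daily, matching the dependency-audit row above

permissions:
  contents: read
  security-events: write          # required to upload SARIF to Code scanning

jobs:
  dependencies:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Snyk (fail on high or critical)
        uses: snyk/actions/node@master
        with:
          args: --severity-threshold=high
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

  container:
    runs-on: ubuntu-latest
    steps:
      - name: Trivy image scan
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ghcr.io/ever-co/gauzy-api:latest
          severity: CRITICAL,HIGH
          ignore-unfixed: true    # only fail on findings that have a fixed version
          exit-code: "1"          # fail the job when such findings exist
          format: sarif
          output: trivy.sarif
      - name: Upload Trivy results to Code scanning
        if: always()              # upload even when the scan step failed
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy.sarif

  secrets:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0          # full history so gitleaks checks every commit
      - name: Gitleaks
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Keeping the three scanners in separate jobs means a Snyk outage or rate limit does not block the secrets check, and each job carries only the permissions it needs.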
## Related Pages

- Security Overview: security guide
- Security Headers: headers config