# Vulnerability Scanning

Automated security scanning for the Gauzy codebase.
## Dependency Scanning

### npm/Yarn Audit

```bash
# Check for known vulnerabilities in the lockfile's dependency tree
yarn audit

# Fix automatically where possible. Yarn classic has no `audit fix`
# subcommand; the automatic fix is an npm feature.
npm audit fix
```
### Snyk

```bash
# Install Snyk
npm install -g snyk

# Test for vulnerabilities
snyk test

# Monitor project
snyk monitor
```
## Container Scanning

### Trivy

```bash
# Scan Docker image
trivy image ghcr.io/ever-co/gauzy-api:latest

# Scan filesystem
trivy fs .
```
## GitHub Security

Enable GitHub vulnerability alerts:
- Repository Settings → Code security and analysis
- Enable Dependabot alerts
- Enable Dependabot security updates
- Enable Code scanning with CodeQL
## CI/CD Integration

```yaml
# In GitHub Actions (job steps)
- name: Security Scan
  uses: snyk/actions/node@master
  with:
    args: --severity-threshold=high
  env:
    SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

- name: Container Scan
  uses: aquasecurity/trivy-action@master
  with:
    image-ref: ghcr.io/ever-co/gauzy-api:latest
    severity: CRITICAL,HIGH
```
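The Snyk step above fails the build only at `--severity-threshold=high`; the same gate can be applied to the `yarn audit` output from the Dependency Scanning section. The following is an added example, not part of the Gauzy project: it parses the newline-delimited JSON that `yarn audit --json` emits and reports advisories at or above a chosen severity. The sample report is constructed; the module names and advisory ids in it are placeholders.

```python
"""Gate a CI job on `yarn audit --json` output at a severity threshold."""
import json
from typing import Dict, Iterable, List

# Ordered from least to most severe, as yarn/npm audit report them.
SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"]


def findings_at_or_above(ndjson_lines: Iterable[str], threshold: str) -> List[Dict]:
    """Return one record per advisory whose severity meets the threshold.

    `yarn audit --json` prints one JSON object per line. Only the
    `auditAdvisory` records describe vulnerabilities; the closing
    `auditSummary` record carries counts, so it is skipped here.
    """
    floor = SEVERITY_ORDER.index(threshold)
    hits = []
    for raw in ndjson_lines:
        raw = raw.strip()
        if not raw:
            continue
        record = json.loads(raw)
        if record.get("type") != "auditAdvisory":
            continue
        advisory = record["data"]["advisory"]
        if SEVERITY_ORDER.index(advisory["severity"]) >= floor:
            hits.append({
                "id": advisory["id"],
                "module": advisory["module_name"],
                "severity": advisory["severity"],
                "path": record["data"]["resolution"]["path"],  # dependency chain
            })
    return hits


def should_fail(ndjson_lines: Iterable[str], threshold: str = "high") -> bool:
    """True when at least one advisory meets the threshold (build should fail)."""
    return bool(findings_at_or_above(ndjson_lines, threshold))


# Constructed sample output: one moderate and one high advisory, then the summary.
SAMPLE_AUDIT_OUTPUT = """
{"type":"auditAdvisory","data":{"resolution":{"id":1001,"path":"example-lib>example-dep","dev":false},"advisory":{"id":1001,"module_name":"example-dep","severity":"moderate","title":"Constructed example advisory"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1002,"path":"other-lib","dev":true},"advisory":{"id":1002,"module_name":"other-lib","severity":"high","title":"Constructed example advisory"}}}
{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":0,"moderate":1,"high":1,"critical":0},"dependencies":2,"devDependencies":1,"totalDependencies":3}}
""".splitlines()

if __name__ == "__main__":
    for hit in findings_at_or_above(SAMPLE_AUDIT_OUTPUT, "high"):
        print(f"{hit['severity'].upper():8} {hit['module']} ({hit['id']}) via {hit['path']}")
    print("fail build:", should_fail(SAMPLE_AUDIT_OUTPUT, "high"))
```

In a pipeline, pipe `yarn audit --json` into the script and exit non-zero when `should_fail` is true; lowering the threshold to `moderate` widens the gate to the first sample advisory as well.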
## Scan Schedule

| Type | Frequency | Tool |
|---|---|---|
| Dependency audit | Daily | Dependabot |
| Container scan | Per build | Trivy |
| SAST | Per PR | CodeQL |
| Secrets detection | Per commit | GitLeaks |
## Related Pages

- Security Overview — security guide
- Security Headers — headers config