feat(security): prod-readiness PR 1 of 5 — bearer auth, security headers, error envelope #74
aksOpssecurity.yml
on: pull_request
OSV-Scanner (SCA)
5s
Trivy (filesystem + container scan)
30s
Semgrep (SAST)
30s
Gitleaks (secret scan)
12s
jscpd (duplication < 3% on touched code)
17s
SBOM (SPDX + CycloneDX)
14s
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
sbom
|
31 KB |
sha256:cefcd4eca06c011fa8e176156097fbeaf7f5a105d00d8e84ec52f7bec0f254a7
|
|