From 830a760c21c38e0680194ea853087675f84bfe04 Mon Sep 17 00:00:00 2001
From: MetaMask Security Bot
Date: Tue, 5 May 2026 13:50:11 +0000
Subject: [PATCH] chore: add MetaMask Security Code Scanner workflow This PR adds the MetaMask Security Code Scanner workflow to enable automated security scanning of the codebase. The scanner will run on: - Push to main branch - Pull requests to main branch - Manual workflow dispatch To configure the scanner for your repository's specific needs, please review the workflow file and adjust as necessary.
---
.github/workflows/security-code-scanner.yml | 51 +++++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 .github/workflows/security-code-scanner.yml
diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml
new file mode 100644
index 00000000..b7cd9073
--- /dev/null
+++ b/.github/workflows/security-code-scanner.yml
@@ -0,0 +1,51 @@
+name: MetaMask Security Code Scanner
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+ workflow_call:
+ secrets:
+ SECURITY_SCAN_METRICS_TOKEN:
+ required: false
+ APPSEC_BOT_SLACK_WEBHOOK:
+ required: false
+ workflow_dispatch:
+
+jobs:
+ security-scan:
+ uses: MetaMask/action-security-code-scanner/.github/workflows/security-scan.yml@v2
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ with:
+ repo: ${{ github.repository }}
+ scanner-ref: 'v2'
+ paths-ignored: |
+ node_modules
+ **/node_modules/**
+ **/__snapshots__/**
+ __snapshots_linux__
+ **/__stories__/**
+ .storybook/
+ **/*.test.ts
+ **/*.test.tsx
+ **/*.test.js
+ **/*.test.jsx
+ **/*.spec.ts
+ **/*.spec.tsx
+ **/*.spec.js
+ **/*.spec.jsx
+ **/test*/**
+ **/e2e/**
+ **/tests/**
+ languages-config: |
+ [
+ ]
+ secrets:
+ project-metrics-token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
+ slack-webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}
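Review bot: The reusable workflow in `jobs.security-scan.uses` is referenced by the mutable tag `@v2` (and `scanner-ref: 'v2'` appears to select the scanner by tag as well), while the job passes it `SECURITY_SCAN_METRICS_TOKEN`, `APPSEC_BOT_SLACK_WEBHOOK` and `security-events: write`, so whatever the tag points to at run time executes with those secrets and that permission. Pinning to a full commit SHA and keeping the tag as a trailing comment makes every scanner update an explicit, reviewable change: `uses: MetaMask/action-security-code-scanner/.github/workflows/security-scan.yml@<FULL_COMMIT_SHA>  # v2`. Separately, the `**/test*/**` entry under `paths-ignored` probably matches any directory whose name merely begins with `test` (depending on the scanner's glob semantics), which would silently take non-test code in such a directory out of scan coverage; it also makes `**/tests/**` redundant, so narrowing it to `**/test/**` would be safer. A comment above `languages-config` such as `# intentionally empty: use the scanner's default language detection` would tell the next reader whether the empty list is deliberate or an unfilled template.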