Add security-scan workflow triggered once a week#10
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed: Duplicate security scan workflow not removed
- Deleted the legacy .github/workflows/security_scan.yml so only the new security scan workflow remains active.
Reviewed by Cursor Bugbot for commit f271868.
| secrets: inherit | ||
| with: | ||
| scan-image: false | ||
| scan-iac: false No newline at end of file |
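Review bot: 'secrets: inherit' on this job forwards every repository and organization secret to the called workflow, and the summary says the call is made against the mutable '@v7' tag, so anyone who can move that tag in ZeroGachis/.github can run arbitrary code with all of this repository's secrets. Pass only the secrets the shared scan actually needs under a named 'secrets:' mapping, and pin the 'uses:' reference to a full commit SHA. Also add a one-line comment above 'scan-image: false' / 'scan-iac: false' stating why image and IaC scanning are disabled for this repository (no image is built, no IaC is present, or scanned elsewhere), delete the legacy security_scan.yml in the same change so two scheduled scans do not run side by side, and add the missing trailing newline.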
Duplicate security scan workflow not removed
Medium Severity
A pre-existing security_scan.yml workflow already exists in .github/workflows/, which runs a similar security scan (using security_scan_repo.yml@v6 on Mondays at 10AM). The newly added security-scan.yml appears to be its replacement (using security-scan.yml@v7), but the old file was not deleted. Both workflows will run on their respective schedules, producing redundant security scans.
Note: low risk. Adds a new GitHub Actions workflow only, with no changes to application code or runtime behavior.
Overview
Adds a new GitHub Actions workflow security-scan.yml that runs weekly (and on manual dispatch) to invoke the shared ZeroGachis/.github security scan workflow (@v7). The job inherits repository secrets, sets broad security-related permissions (including security-events: write), and disables image and IaC scanning via inputs.
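The following audit script is an added example, not code from this PR or from the ZeroGachis/.github project. It checks a set of workflow files for the three points a reviewer would raise on a change like this one: two workflows scheduling scans against the same shared repository (the duplicate Bugbot reported), 'uses:' references pinned to a mutable tag such as @v7 rather than a commit SHA, and blanket 'secrets: inherit'. The two embedded workflow texts are constructed from the PR description; the full ZeroGachis/.github/.github/workflows/... paths, the cron values and the permissions block are assumptions and are not copied from the repository.

```python
"""Audit GitHub Actions workflows for overlapping scheduled calls to a shared
reusable workflow, mutable (non-SHA) refs, and blanket 'secrets: inherit'.

Line-oriented scan with no PyYAML dependency: it picks out the few keys that
matter (cron entries, job-level 'uses:', 'secrets: inherit') by regex, which is
enough for the flat job layout a reusable-workflow caller has. Not a YAML parser.
"""
import re
from collections import defaultdict

# Constructed sample inputs modelled on the two workflows discussed in the PR
# (not the repository's real files; cron values, full reusable-workflow paths
# and the permissions block are assumptions).
LEGACY_WORKFLOW = """\
name: Security scan (legacy)
on:
  schedule:
    - cron: '0 10 * * 1'
jobs:
  scan:
    uses: ZeroGachis/.github/.github/workflows/security_scan_repo.yml@v6
    secrets: inherit
"""

NEW_WORKFLOW = """\
name: Security scan
on:
  schedule:
    - cron: '0 6 * * 1'
  workflow_dispatch:
permissions:
  contents: read
  security-events: write
jobs:
  scan:
    uses: ZeroGachis/.github/.github/workflows/security-scan.yml@v7
    secrets: inherit
    with:
      scan-image: false
      scan-iac: false
"""

USES_RE = re.compile(r"^\s*uses:\s*['\"]?([^\s'\"]+)")
CRON_RE = re.compile(r"^\s*-\s*cron:\s*['\"]?([^'\"\n]+?)['\"]?\s*$")
INHERIT_RE = re.compile(r"^\s*secrets:\s*inherit\s*$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_workflow(text):
    """Return (reusable_workflow_refs, cron_expressions, inherits_secrets).

    Only 'uses:' values of the reusable-workflow form
    owner/repo/.github/workflows/file.yml@ref are kept; step-level actions such
    as actions/checkout@v4 do not contain '/.github/workflows/' and are skipped.
    """
    uses, crons, inherit = [], [], False
    for line in text.splitlines():
        m = USES_RE.match(line)
        if m and "/.github/workflows/" in m.group(1):
            uses.append(m.group(1))
        m = CRON_RE.match(line)
        if m:
            crons.append(m.group(1).strip())
        if INHERIT_RE.match(line):
            inherit = True
    return uses, crons, inherit


def split_ref(uses_value):
    """'ZeroGachis/.github/.github/workflows/x.yml@v7' -> ('ZeroGachis/.github', 'x.yml', 'v7')."""
    path, _, ref = uses_value.partition("@")
    parts = path.split("/")
    return "/".join(parts[:2]), parts[-1], ref


def audit_workflows(files):
    """files: {filename: workflow_text}. Returns a sorted list of finding strings."""
    findings = []
    scheduled_callers = defaultdict(list)  # shared repo -> [(file, workflow, crons)]
    for name, text in files.items():
        uses, crons, inherit = parse_workflow(text)
        if not uses:
            continue  # not a reusable-workflow caller; out of scope here
        if inherit:
            findings.append(
                f"{name}: 'secrets: inherit' exposes every repository secret "
                f"to the called workflow; pass only the secrets the scan needs")
        for u in uses:
            repo, workflow, ref = split_ref(u)
            if not SHA_RE.match(ref):
                findings.append(
                    f"{name}: '{u}' is not pinned to a commit SHA (mutable ref '{ref}')")
            if crons:
                scheduled_callers[repo].append((name, workflow, ", ".join(crons)))
    for repo, entries in scheduled_callers.items():
        if len(entries) > 1:
            detail = "; ".join(f"{n} -> {wf} at '{c}'" for n, wf, c in sorted(entries))
            findings.append(f"duplicate scheduled scans against {repo}: {detail}")
    return sorted(findings)


if __name__ == "__main__":
    sample = {"security_scan.yml": LEGACY_WORKFLOW, "security-scan.yml": NEW_WORKFLOW}
    for finding in audit_workflows(sample):
        print(finding)
```

Run against the two constructed files it reports five findings: both callers use a mutable tag, both inherit every secret, and both schedule a scan against ZeroGachis/.github. Once the legacy file is deleted, the remaining 'uses:' is pinned to a 40-hex commit SHA and 'secrets: inherit' is replaced by a named mapping, the same audit returns an empty list, which is the state a reviewer would want this PR to leave the repository in.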