Nicolas Cantu
2e65e11ebb
Some checks failed
CI - 4NK_node / Code Quality (push) Failing after 38s
CI - 4NK_node / Unit Tests (push) Failing after 36s
CI - 4NK_node / Integration Tests (push) Successful in 32s
CI - 4NK_node / Security Tests (push) Failing after 33s
CI - 4NK_node / Docker Build & Test (push) Failing after 16s
CI - 4NK_node / Documentation Tests (push) Successful in 11s
CI - 4NK_node / Security Audit (push) Successful in 9s
CI - 4NK_node / Release Guard (push) Has been skipped
CI - 4NK_node / Performance Tests (push) Successful in 35s
CI - 4NK_node / Notify (push) Failing after 2s
36 lines
1.1 KiB
Bash
36 lines
1.1 KiB
Bash
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
echo "[security-audit] démarrage"
|
|
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")"/../.. && pwd)"
|
|
cd "$ROOT_DIR"
|
|
|
|
rc=0
|
|
|
|
# 1) Audit npm (si package.json présent)
|
|
if [ -f package.json ]; then
|
|
echo "[security-audit] npm audit --audit-level=moderate"
|
|
if ! npm audit --audit-level=moderate; then rc=1; fi || true
|
|
else
|
|
echo "[security-audit] pas de package.json (ok)"
|
|
fi
|
|
|
|
# 2) Audit Rust (si Cargo.toml présent)
|
|
if command -v cargo >/dev/null 2>&1 && [ -f Cargo.toml ] || find . -maxdepth 2 -name Cargo.toml | grep -q . ; then
|
|
echo "[security-audit] cargo audit"
|
|
if ! cargo audit --deny warnings; then rc=1; fi || true
|
|
else
|
|
echo "[security-audit] pas de projet Rust (ok)"
|
|
fi
|
|
|
|
# 3) Recherche de secrets grossiers
|
|
echo "[security-audit] scan secrets"
|
|
if grep -RIE "(?i)(api[_-]?key|secret|password|private[_-]?key)" --exclude-dir .git --exclude-dir node_modules --exclude-dir target --exclude "*.md" . >/dev/null 2>&1; then
|
|
echo "[security-audit] secrets potentiels détectés"; rc=1
|
|
else
|
|
echo "[security-audit] aucun secret évident"
|
|
fi
|
|
|
|
echo "[security-audit] terminé rc=$rc"
|
|
exit $rc
|