wifi-densepose/.github/workflows
ruv d7d933af87 fix(ci): SAST actually scans the code + drop deprecated flaky semgrep action
Two real problems in the Static Application Security Testing job:

1. **It scanned a path that no longer exists.** `bandit -r src/` and
   `semgrep … src/` pointed at the repo-root `src/`, but the Python code
   moved to `archive/v1/src/` (64 .py files) when the runtime was rewritten
   in Rust. So the SAST scan matched nothing — a silent no-op (this is also
   why `bandit-results.sarif` was "Path does not exist" on recent runs).
   Fixed both to `archive/v1/src/`.

2. **Deprecated + redundant + flaky semgrep step.** The
   `returntocorp/semgrep-action@v1` step pulled `returntocorp/semgrep-agent:v1`
   from Docker Hub every run (intermittently timing out → red check, e.g. on
   #929) and is EOL. It was redundant: the pip `semgrep --sarif` step is what
   feeds GitHub Security; the action only pushed to the Semgrep cloud app via
   SEMGREP_APP_TOKEN. Removed it and folded its `p/docker` + `p/kubernetes`
   rulesets into the pip semgrep command, so coverage is preserved with no
   Docker pull.

The job stays `continue-on-error: true` (non-gating). YAML validated.

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-06-03 11:11:42 +02:00

| File | Last commit | Date |
| --- | --- | --- |
| aether-arena-harness.yml | feat(aether-arena): benchmark-first scorer + witness chain + repeatability (M2/M5/M7) | 2026-05-30 16:59:11 -04:00 |
| bfld-mqtt-integration.yml | feat(adr-118/p6.5): GitHub Actions mosquitto Docker CI workflow (235/235 GREEN) | 2026-05-24 18:49:49 -04:00 |
| cd.yml | security: Fix GitHub Actions shell injection vulnerability | 2026-02-28 20:40:25 +01:00 |
| ci.yml | ci: use Swatinem/rust-cache for the Rust workspace job (reliability) (#925) | 2026-06-03 09:12:26 +02:00 |
| clone-tracking.yml | feat(traffic): clone+view tracking → data/clone-data.rvf (ruvector JSONL RVF) (#656) | 2026-05-19 19:17:15 -04:00 |
| cog-ha-matter-release.yml | cog-ha-matter (ADR-116 P8): CI release workflow + fix inherited filename bug | 2026-05-23 23:05:54 -04:00 |
| dashboard-a11y.yml | chore(deps): bump actions/setup-node from 4 to 6 (#447) | 2026-05-17 18:11:11 -04:00 |
| dashboard-pages.yml | chore(deps): bump actions/setup-node from 4 to 6 (#447) | 2026-05-17 18:11:11 -04:00 |
| desktop-release.yml | chore(deps): bump actions/setup-node from 4 to 6 (#447) | 2026-05-17 18:11:11 -04:00 |
| firmware-ci.yml | ADR-110: ESP32-C6 firmware extension (#764) | 2026-05-23 15:34:48 -04:00 |
| firmware-qemu.yml | fix(firmware): fall detection, 4MB flash, QEMU CI (#263, #265) | 2026-03-15 11:49:29 -04:00 |
| fix-regression-guard.yml | chore(deps): bump actions/setup-python from 5 to 6 (#453) | 2026-05-17 18:11:33 -04:00 |
| mqtt-integration.yml | ADR-115: Home Assistant + Matter integration (#778) | 2026-05-23 16:13:28 -04:00 |
| nvsim-server-docker.yml | chore(deps): bump docker/metadata-action from 5 to 6 (#449) | 2026-05-17 18:11:18 -04:00 |
| pip-release.yml | feat(adr-117): pip wifi-densepose modernization (PIP-PHOENIX) + ruview sibling release (#786) | 2026-05-24 13:00:38 -04:00 |
| pointcloud-pages.yml | feat(pointcloud): integrate ESP32 CSI as optional data stream from hosted viewer | 2026-04-29 20:33:00 -04:00 |
| ruview-swarm-ci.yml | ci(ruview-swarm): install clippy on the pinned 1.89 toolchain | 2026-05-31 10:51:04 -04:00 |
| security-scan.yml | fix(ci): SAST actually scans the code + drop deprecated flaky semgrep action | 2026-06-03 11:11:42 +02:00 |
| sensing-server-docker.yml | fix(ci): use docker login --password-stdin (bypass login-action@v3) | 2026-05-25 15:42:40 -04:00 |
| threejs-pages.yml | feat(pages): deploy three.js demos to gh-pages/three.js/ (#649) | 2026-05-19 18:17:43 -04:00 |
| update-submodules.yml | ci: fix "Update vendor submodules" workflow (identity + drop --merge) | 2026-05-11 12:33:40 -04:00 |
| verify-pipeline.yml | fix(proof): cross-platform tolerance gate for verify.py determinism | 2026-05-31 12:07:00 -04:00 |