Security #139

	jobs:
	codeql:
	env:
	TURBO_TEAM: ${{ vars.TURBO_TEAM }}
	TURBO_TELEMETRY_DISABLED: ${{ vars.TURBO_TELEMETRY_DISABLED }}
	TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
	name: CodeQL
	permissions:
	packages: read
	security-events: write
	runs-on: ubuntu-latest

	steps:
	- name: Repository checkout
	uses: actions/checkout@v4.2.2

	- name: Node.js setup
	uses: actions/setup-node@v4.1.0
	with:
	cache: npm
	cache-dependency-path: package-lock.json
	node-version: 18.20.4

	- name: Dependencies installation
	run: npm ci

	- name: Test
	run: npm test

	- name: Initialization
	uses: github/codeql-action/init@v3.27.0
	with:
	languages: javascript-typescript

	- name: Analysis
	uses: github/codeql-action/analyze@v3.27.0

	- name: Results upload
	uses: github/codeql-action/upload-sarif@v3.27.0
	with:
	category: codeql-analysis

	snyk:
	name: Snyk
	permissions:
	security-events: write
	runs-on: ubuntu-latest

	steps:
	- name: Repository checkout
	uses: actions/checkout@v4.2.2

	- name: Node.js setup
	uses: actions/setup-node@v4.1.0
	with:
	cache: npm
	cache-dependency-path: package-lock.json
	node-version: 18.20.4

	- name: Dependencies installation
	run: npm ci

	- continue-on-error: true
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	name: Analysis
	uses: snyk/actions/node@0.4.0
	with:
	args: --sarif-file-output=snyk.sarif

	- name: Results upload
	uses: github/codeql-action/upload-sarif@v3.27.0
	with:
	category: snyk-analysis
	sarif_file: snyk.sarif

	name: Security

	on:
	pull_request:
	branches: [main]
	push:
	branches: [main]
	schedule:
	- cron: 25 16 * * 4

Provide feedback