Add Aikido Safe Chain for malware protection in CI/CD #3
Workflow file for this run
```yaml
# Aikido Safe Chain - Malware Detection for Package Installation
#
# This workflow integrates Aikido Safe Chain to protect against malicious packages
# during dependency installation in CI/CD pipelines.
#
# What is Aikido Safe Chain?
# Aikido Safe Chain is a free security tool that prevents developers from installing
# malware through package managers (npm, pnpm, yarn, npx, pnpx). It wraps around
# package manager commands and verifies packages against Aikido Intel - Open Source
# Threat Intelligence before installation. When malware is detected, it blocks the
# installation and alerts the user.
#
# Key features:
# - Free to use, no tokens required
# - Works with Node.js 18+
# - Supports npm, pnpm, yarn, npx, and pnpx
# - Currently offers limited scanning for pnpm (scans install command arguments)
# - Full dependency tree scanning support coming soon for pnpm
#
# GitHub Repository: https://github.com/AikidoSec/safe-chain
# Documentation: https://github.com/AikidoSec/safe-chain#usage-in-cicd

name: Safe Chain Security Check

on:
  pull_request: ~
  push:
    branches:
      - main

jobs:
  safe-chain-check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 10

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'pnpm'

      - name: Install Aikido Safe Chain
        run: |
          npm install -g @aikidosec/safe-chain
          safe-chain setup-ci
        shell: bash

      - name: Install dependencies with malware protection
        run: pnpm install
        shell: bash

      - name: Verify installation
        run: |
          echo "✅ All dependencies installed successfully with Aikido Safe Chain protection"
          echo "📦 No malicious packages detected"
```
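As an added example (not part of this PR or of the Safe Chain project), a small ordering check in Python: Safe Chain only covers package-manager commands that run after `safe-chain setup-ci`, so a linter can walk a job's steps and flag any install that executes earlier. The step list below is constructed from the workflow above; on it the only finding is the bootstrap `npm install -g @aikidosec/safe-chain`, which necessarily runs before the wrapper exists. The install-command pattern is a simplified assumption of mine, not Safe Chain's own matching.

```python
import re

# Step list constructed from the workflow above (same step names, `run` scripts
# and order); a real linter would load `jobs.<id>.steps` from the parsed YAML.
PAGE_STEPS = [
    {"name": "Checkout repository", "uses": "actions/checkout@v3"},
    {"name": "Install pnpm", "uses": "pnpm/action-setup@v4"},
    {"name": "Setup Node.js", "uses": "actions/setup-node@v4"},
    {"name": "Install Aikido Safe Chain",
     "run": "npm install -g @aikidosec/safe-chain\nsafe-chain setup-ci\n"},
    {"name": "Install dependencies with malware protection", "run": "pnpm install"},
    {"name": "Verify installation", "run": 'echo "done"'},
]

# Simplified (assumed) pattern for commands that fetch packages through the
# managers Safe Chain wraps: npm/pnpm/yarn install|i|add, and any npx/pnpx run.
INSTALL_RE = re.compile(
    r"^\s*(?:(?:npm|pnpm|yarn)\s+(?:install|i|add)\b|npx\s|pnpx\s)")
# The line that activates the wrapper for the rest of the job.
SETUP_RE = re.compile(r"^\s*safe-chain\s+setup-ci\b")


def audit_steps(steps):
    """Return (protected, findings).

    `protected` is True once a step has run `safe-chain setup-ci`; each finding
    names a package install that executes before that point and is therefore
    not checked against Aikido Intel. Lines are scanned in execution order, so
    an install earlier in the same `run` script as setup-ci is still flagged.
    """
    findings = []
    protected = False
    for idx, step in enumerate(steps):
        for line in step.get("run", "").splitlines():
            if SETUP_RE.match(line):
                protected = True
            elif INSTALL_RE.match(line) and not protected:
                findings.append(f"step {idx} '{step.get('name', '?')}': "
                                f"'{line.strip()}' runs before safe-chain setup-ci")
    if not protected:
        findings.append("no step runs 'safe-chain setup-ci'")
    return protected, findings


if __name__ == "__main__":
    ok, issues = audit_steps(PAGE_STEPS)
    print("wrapper active:", ok)
    for issue in issues:
        print("finding:", issue)
```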