├── index.js
├── package.json
└── .github
    └── workflows
        └── security.yml


/index.js:
--------------------------------------------------------------------------------
1 | function greet(name) {
2 |   return `Hello, ${name}`;
3 | }
4 | 
5 | console.log(greet("World"));
6 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "program",
 3 |   "version": "1.0.0",
 4 |   "main": "index.js",
 5 |   "scripts": {
 6 |     "test": "echo \"Error: no test specified\" && exit 1"
 7 |   },
 8 |   "keywords": [],
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "description": ""
12 | }
13 | 


--------------------------------------------------------------------------------
/.github/workflows/security.yml:
--------------------------------------------------------------------------------
 1 | name: Security Checks
 2 | 
 3 | on:
 4 |   push:
 5 |     branches: [main]
 6 |   pull_request:
 7 |     branches: [main]
 8 | # NOTE(review): no permissions: key appears in this workflow, so GITHUB_TOKEN gets the repository/organization default scope; a scan-only job usually needs only contents: read.
 9 | jobs:
10 |   security:
11 |     runs-on: ubuntu-latest
12 |     # NOTE(review): the uses: refs below are tags, which can be repointed upstream; pinning each to a full commit SHA fixes the code that runs.
13 |     steps:
14 |       - name: Checkout Code
15 |         uses: actions/checkout@v3
16 | 
17 |       - name: Set up Node.js
18 |         uses: actions/setup-node@v4
19 |         with:
20 |           node-version: "20"
21 |       # NOTE(review): the tree lists no lockfile, so npm install resolves versions at run time; commit package-lock.json and use npm ci for reproducible installs.
22 |       - name: Install Dependencies
23 |         run: npm install
24 |       # NOTE(review): config: auto leaves rule selection to Semgrep rather than a reviewed ruleset; this action wrapper also appears to be deprecated upstream in favour of running semgrep ci — confirm.
25 |       - name: Run SAST with Semgrep
26 |         uses: returntocorp/semgrep-action@v1
27 |         with:
28 |           config: auto
29 |       # NOTE(review): repository secrets are not passed to pull_request runs from forks, so SNYK_TOKEN is empty there and this step likely fails — confirm the intended behaviour for external PRs.
30 |       - name: Run SCA with Snyk
31 |         uses: snyk/actions/node@v1
32 |         env:
33 |           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
34 |         with:
35 |           command: test  # NOTE(review): package.json declares no dependencies, so this scan presumably has nothing to report yet
36 | 


--------------------------------------------------------------------------------