Add supply-chain advisory source refresh

2026-05-16 22:03:05 +08:00 · 2026-05-15 22:39:35 -04:00
parent 2d46c00763
commit a8e3bcb00f
11 changed files with 675 additions and 13 deletions
--- a/.github/workflows/supply-chain-watch.yml
+++ b/.github/workflows/supply-chain-watch.yml
@@ -40,11 +40,17 @@ jobs:
      - name: Validate IOC scanner fixtures
        run: node tests/ci/scan-supply-chain-iocs.test.js

+      - name: Validate advisory source fixtures
+        run: node tests/ci/supply-chain-advisory-sources.test.js
+
      - name: Generate IOC report
        run: |
          mkdir -p artifacts
          node scripts/ci/scan-supply-chain-iocs.js --json > artifacts/supply-chain-ioc-report.json

+      - name: Generate advisory source report
+        run: node scripts/ci/supply-chain-advisory-sources.js --refresh --json > artifacts/supply-chain-advisory-sources.json
+
      - name: Validate workflow hardening rules
        run: node scripts/ci/validate-workflow-security.js

@@ -53,5 +59,7 @@ jobs:
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: supply-chain-ioc-report
-          path: artifacts/supply-chain-ioc-report.json
+          path: |
+            artifacts/supply-chain-ioc-report.json
+            artifacts/supply-chain-advisory-sources.json
          retention-days: 14