feat: add Claude Code security review workflow

- Integrate automated security scanning for pull requests - Use Claude AI to detect potential vulnerabilities - Post findings as PR comments for review Closes #23539
2025-12-07 03:45:27 +08:00 · 2025-08-07 12:49:48 +08:00
1 changed files with 27 additions and 0 deletions
--- a/.github/workflows/security-review.yml
+++ b/.github/workflows/security-review.yml
@@ -0,0 +1,27 @@
+name: Security Review
+
+permissions:
+  pull-requests: write
+  contents: read
+
+on:
+  pull_request:
+
+jobs:
+  security-review:
+    name: Claude Code Security Review
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
+          fetch-depth: 2
+      
+      - name: Run Claude Code Security Review
+        uses: anthropics/claude-code-security-review@main
+        with:
+          claude-api-key: ${{ secrets.CLAUDE_API_KEY }}
+          comment-pr: true
+          upload-results: false