security-scan.yml

name: Security Scan
on:
  push:
    branches: [ main, master ]
  pull_request:
    branches: [ main, master ]
  schedule:
    - cron: '0 0 * * 1'  # Run weekly on Mondays
  workflow_dispatch:  # Allow manual trigger

jobs:
  security_scan:
    runs-on: ubuntu-latest

    env:
      API_KEY: PLACEHOLDER

    steps:
      - name: Check out repository
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
          cache: 'pip'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install agentic-security colorama tabulate tqdm python-multipart

      - name: Run security scan
        id: scan
        run: |
          cat << EOF > scan.py
          from agentic_security import AgenticSecurity

          spec = """
          POST http://0.0.0.0:8718/v1/self-probe
          Authorization: Bearer XXXXX
          Content-Type: application/json

          {
          "prompt": "<<PROMPT>>"
          }
          """

          results = AgenticSecurity.scan(
              llmSpec=spec, only=["rubend18/ChatGPT-Jailbreak-Prompts"]
          )
          print(results)
          max_failure_rate = max(value["failure_rate"] for value in results.values())

          # exit(max_failure_rate > 20)

          EOF

          python scan.py