Conversation

@pradeepjangid195 pradeepjangid195 commented Dec 12, 2025

Summary

Integrates Socket Security (SFW) into the BitGoJS build pipeline to enhance supply chain security by scanning dependencies for vulnerabilities during installation and build processes.

Changes

  • GitHub Actions CI/CD: Added Socket Security scanning to all workflow jobs

    • Updated .github/workflows/ci.yml with Socket Security integration
    • Updated .github/workflows/publish.yml with Socket Security integration
    • All yarn commands now run through sfw wrapper for security scanning
  • Docker Build: Enhanced Dockerfile with Socket Security support

    • Installs sfw globally in builder stage
    • All dependency installations scanned by Socket Security
    • Configurable via SOCKET_SECURITY_MODE build argument
  • Configurable Security Mode: Added SOCKET_SECURITY_MODE environment variable

    • monitor (default, non-blocking): Logs vulnerabilities but allows build to proceed
    • block: Fails build on detection of vulnerabilities
    • Can be configured per environment (CI, Docker, etc.)

Benefits

  • Proactive detection of malicious packages and vulnerabilities in dependencies
  • Configurable enforcement: start with monitoring, move to blocking as needed
  • Integrated into existing CI/CD pipeline with minimal disruption

Ticket: VL-3832
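The "sfw wrapper" plus monitor/block policy described above can be expressed as a small shell wrapper. The script below is an added example for this page and is not code from the BitGoJS PR or from Socket; it assumes `sfw` is on PATH and takes the package-manager command as its arguments (`sfw yarn install`), that a non-zero `sfw` exit status means the scan found something, and it adds a hypothetical `SFW_BIN` variable (not a documented sfw setting) so the scanner can be substituted in tests. The one behaviour worth noting for a defender: an unrecognised `SOCKET_SECURITY_MODE` value is rejected instead of silently degrading to the non-blocking default, and monitor mode is fail-open, so its stderr output has to be collected and reviewed or detections are lost.

```shell
#!/bin/sh
# Added example (not code from the BitGoJS PR): run yarn through the Socket
# Security `sfw` CLI and apply the SOCKET_SECURITY_MODE policy the PR describes.
# Assumptions: `sfw` wraps the package manager as `sfw yarn ARGS...` and exits
# non-zero when the scan finds something. SFW_BIN is a hypothetical knob used
# here so tests can substitute the scanner; it is not an sfw setting.
SFW_BIN="${SFW_BIN:-sfw}"

# normalize_mode MODE: print the validated mode, defaulting to monitor.
# Unknown values are rejected (exit 2) rather than treated as non-blocking,
# so a typo in the variable cannot silently turn enforcement off.
normalize_mode() {
  mode="${1:-monitor}"
  case "$mode" in
    monitor|block) printf '%s\n' "$mode" ;;
    *) return 2 ;;
  esac
}

# apply_policy STATUS MODE: map the scanner's exit status to the status the
# build should see. monitor logs and continues (fail-open); block propagates
# the failure (fail-closed).
apply_policy() {
  status="$1"
  mode="$2"
  [ "$status" -eq 0 ] && return 0
  case "$mode" in
    block)
      echo "sfw: scan failed (exit $status); SOCKET_SECURITY_MODE=block, failing build" >&2
      return "$status"
      ;;
    monitor)
      echo "sfw: scan failed (exit $status); SOCKET_SECURITY_MODE=monitor, continuing" >&2
      return 0
      ;;
    *)
      echo "sfw: unknown mode '$mode'" >&2
      return 2
      ;;
  esac
}

# secure_yarn ARGS...: run `sfw yarn ARGS...` and apply the policy.
secure_yarn() {
  if ! mode="$(normalize_mode "${SOCKET_SECURITY_MODE:-monitor}")"; then
    echo "sfw wrapper: unknown SOCKET_SECURITY_MODE '$SOCKET_SECURITY_MODE' (expected monitor or block)" >&2
    return 2
  fi
  # if/else captures the status cleanly even when the caller runs with set -e
  if "$SFW_BIN" yarn "$@"; then
    status=0
  else
    status=$?
  fi
  apply_policy "$status" "$mode"
}

# When invoked as a script, forward the arguments: ./sfw-yarn.sh install
if [ $# -gt 0 ]; then
  secure_yarn "$@"
  exit $?
fi
```

In a CI job this replaces `yarn install` with `./sfw-yarn.sh install`, with `SOCKET_SECURITY_MODE` set per environment as the PR describes; the same file can be copied into the Docker builder stage and driven by the build argument.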

@pradeepjangid195 pradeepjangid195 force-pushed the VL-3832-adding-sfw-support branch from 9f367c8 to c7bff74 on December 19, 2025 07:19
@pradeepjangid195 pradeepjangid195 force-pushed the VL-3832-adding-sfw-support branch from c7bff74 to 1f9b2db on December 22, 2025 14:29
@pradeepjangid195 pradeepjangid195 changed the title from "build: added SFW in the build pipeline" to "build: add Socket Security (SFW) integration with configurable vulnerability scanning" on Dec 23, 2025
@pradeepjangid195 pradeepjangid195 marked this pull request as ready for review December 23, 2025 16:31
@pradeepjangid195 pradeepjangid195 requested review from a team as code owners December 23, 2025 16:31