@pradeepjangid195 commented Dec 12, 2025

Summary

Integrates Socket Security (SFW) into the BitGoJS build pipeline to enhance supply chain security by scanning
dependencies for vulnerabilities during installation and build processes.

Changes

  • GitHub Actions CI/CD: Added Socket Security scanning to all workflow jobs

    • Updated .github/workflows/ci.yml with Socket Security integration
    • Updated .github/workflows/publish.yml with Socket Security integration
    • All yarn commands now run through sfw wrapper for security scanning
  • Docker Build: Enhanced Dockerfile with Socket Security support

    • Installs sfw globally in builder stage
    • All dependency installations scanned by Socket Security
    • Configurable via SOCKET_SECURITY_MODE build argument
  • Configurable Security Mode: Added SOCKET_SECURITY_MODE environment variable

    • monitor (default, non-blocking): Logs vulnerabilities but allows build to proceed
    • block: Fails build on detection of vulnerabilities
    • Can be configured per environment (CI, Docker, etc.)

Benefits

  • Proactive detection of malicious packages and vulnerabilities in dependencies
  • Configurable enforcement: start with monitoring, move to blocking as needed
  • Integrated into existing CI/CD pipeline with minimal disruption

Ticket: VL-3832
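The monitor/block toggle described above, as an added example that is not code from the PR or from the BitGoJS repository: a small shell wrapper that routes a yarn command through the scanner and applies the SOCKET_SECURITY_MODE policy. It assumes only that the scanner is invoked as `sfw yarn ...` and exits non-zero when it refuses an install (the PR says yarn runs through the sfw wrapper; the exit-code contract is an assumption). The function name `scanned_yarn`, the `SFW_BIN` override used for testing, and two extra rules are mine rather than the PR's: an unrecognised mode value is an error instead of silently degrading to monitor, and a missing scanner binary fails the build in every mode, so that "scanner not installed" can never be mistaken for "scan passed".

```shell
#!/usr/bin/env sh
# Added example, not code from the PR or from BitGoJS: wrapper that applies the
# SOCKET_SECURITY_MODE policy (monitor = log and continue, block = fail the build)
# around a yarn command run through the Socket Firewall CLI.
#
# Assumptions (not taken from the PR): the scanner is invoked as "sfw yarn ..."
# and exits non-zero when it refuses an install; SFW_BIN lets a test substitute
# a stub command for the real binary.
set -u

SFW_BIN="${SFW_BIN:-sfw}"

# scanned_yarn ARGS...
#   Runs "sfw yarn ARGS..." and maps the result onto the mode policy.
#   Return codes:
#     0   scan passed, or scan failed in monitor mode (logged, build continues)
#     rc  scan failed in block mode (the scanner's own exit code is propagated)
#     2   SOCKET_SECURITY_MODE is set to something other than monitor|block
#     127 the scanner binary is missing (fails closed in every mode)
scanned_yarn() {
  local mode rc
  mode="${SOCKET_SECURITY_MODE:-monitor}"   # monitor is the PR's default

  # Reject unknown values instead of falling back to monitor, so a typo in a
  # CI variable cannot quietly disable enforcement.
  case "$mode" in
    monitor|block) ;;
    *)
      echo "scanned_yarn: invalid SOCKET_SECURITY_MODE='$mode' (expected monitor|block)" >&2
      return 2 ;;
  esac

  # A missing scanner must never look like a clean scan, even in monitor mode.
  if ! command -v "$SFW_BIN" >/dev/null 2>&1; then
    echo "scanned_yarn: scanner '$SFW_BIN' not found; refusing to install unscanned" >&2
    return 127
  fi

  "$SFW_BIN" yarn "$@" && return 0
  rc=$?

  if [ "$mode" = "block" ]; then
    echo "scanned_yarn: scan failed (exit $rc); SOCKET_SECURITY_MODE=block, failing build" >&2
    return "$rc"
  fi
  echo "scanned_yarn: scan failed (exit $rc); SOCKET_SECURITY_MODE=monitor, continuing" >&2
  return 0
}

# Stand-alone use: ./scanned_yarn.sh --demo install --immutable
if [ "${1:-}" = "--demo" ]; then
  shift
  scanned_yarn "$@"
fi
```

In a workflow the CI job (or the Docker build arg) would export SOCKET_SECURITY_MODE and then call `scanned_yarn install --immutable` and `scanned_yarn build` in place of the bare yarn commands. Starting in monitor mode, as the PR proposes, is only safe because the wrapper still fails on a missing scanner; otherwise a broken install of sfw in the builder image would pass every build while scanning nothing.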

@pradeepjangid195 force-pushed the VL-3832-adding-sfw-support branch 2 times, most recently from c7bff74 to 1f9b2db, December 22, 2025 14:29
@pradeepjangid195 changed the title from "build: added SFW in the build pipeline" to "build: add Socket Security (SFW) integration with configurable vulnerability scanning", Dec 23, 2025
@pradeepjangid195 marked this pull request as ready for review December 23, 2025 16:31
zahin-mohammad previously approved these changes Dec 29, 2025