Skip to content

Comments

build: add Socket Security (SFW) integration with configurable vulnerability scanning#7738

Merged
pradeepjangid195 merged 1 commit intomasterfrom
VL-3832-adding-sfw-support
Feb 6, 2026
Merged

build: add Socket Security (SFW) integration with configurable vulnerability scanning#7738
pradeepjangid195 merged 1 commit intomasterfrom
VL-3832-adding-sfw-support

Conversation

@pradeepjangid195
Copy link
Contributor

@pradeepjangid195 pradeepjangid195 commented Dec 12, 2025
edited
Loading

Summary

Integrates Socket Security (SFW) into the BitGoJS build pipeline to enhance supply chain security by scanning
dependencies for vulnerabilities during installation and build processes.

Changes

  • GitHub Actions CI/CD: Added Socket Security scanning to all workflow jobs

    • Updated .github/workflows/ci.yml with Socket Security integration
    • Updated .github/workflows/publish.yml with Socket Security integration
    • All yarn commands now run through sfw wrapper for security scanning

  • Docker Build: Enhanced Dockerfile with Socket Security support

    • Installs sfw globally in builder stage
    • All dependency installations scanned by Socket Security
    • Configurable via SOCKET_SECURITY_MODE build argument

  • Configurable Security Mode: Added SOCKET_SECURITY_MODE environment variable

    • monitor (default, non-blocking): Logs vulnerabilities but allows build to proceed
    • block: Fails build on detection of vulnerabilities
    • Can be configured per environment (CI, Docker, etc.)

Benefits

  • Proactive detection of malicious packages and vulnerabilities in dependencies
  • Configurable enforcement: start with monitoring, move to blocking as needed
  • Integrated into existing CI/CD pipeline with minimal disruption

Ticket: VL-3832

@pradeepjangid195 pradeepjangid195 force-pushed the VL-3832-adding-sfw-support branch 2 times, most recently from c7bff74 to 1f9b2db Compare December 22, 2025 14:29
@pradeepjangid195 pradeepjangid195 changed the title build: added SFW in the build pipeline build: add Socket Security (SFW) integration with configurable vulnerability scanning Dec 23, 2025
@pradeepjangid195 pradeepjangid195 marked this pull request as ready for review December 23, 2025 16:31
@pradeepjangid195 pradeepjangid195 requested review from a team as code owners December 23, 2025 16:31
zahin-mohammad
zahin-mohammad previously approved these changes Dec 29, 2025
View reviewed changes
@pradeepjangid195 pradeepjangid195 force-pushed the VL-3832-adding-sfw-support branch from 1f9b2db to 7ff3bba Compare January 27, 2026 17:49
@pradeepjangid195 pradeepjangid195 merged commit ec03d8e into master Feb 6, 2026
21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zahin-mohammad zahin-mohammad zahin-mohammad approved these changes

@sasikumar-bitgo sasikumar-bitgo Awaiting requested review from sasikumar-bitgo sasikumar-bitgo is a code owner automatically assigned from BitGo/wallet-core-india

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pradeepjangid195 @zahin-mohammad