docs: add AI security review notice to README #21
Workflow file for this run
```yaml
name: CI
on:
  push:
    branches: [ main, master ]
  pull_request:
    branches: [ main, master ]
# Workflow-level default token permissions; inherited by every job that does
# not declare its own permissions block.
permissions:
  contents: read
  pull-requests: write
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '9.0.x'
      - name: Restore dependencies
        run: dotnet restore
      - name: Build
        run: dotnet build --no-restore --configuration Release
      - name: Test
        run: dotnet test --no-build --configuration Release --verbosity normal --logger "trx;LogFileName=test-results.trx"
      - name: Upload test results
        uses: actions/upload-artifact@v4
        if: always()   # upload the .trx results even when the test step fails
        with:
          name: test-results
          path: '**/test-results.trx'
  # Runs only for pull_request events, and only after the build job succeeds.
  ai-pr-review:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    needs: build
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: AI PR Review
        uses: github/copilot-code-review-action@v1
        with:
          model: gpt-4o
          custom_instructions: |
            You are a rigorous senior code reviewer tasked with preventing security vulnerabilities in code submissions.
            Your assessment must be based on the code diffs of each commit.
            - Language: English
            - Focus on .NET security policy and best practices
            - Flag any potential SQL injection, XSS, path traversal, insecure deserialization, or other OWASP Top 10 risks
            - Check for hardcoded secrets, credentials, or sensitive data exposure
            - Verify proper input validation and output encoding
            - Ensure secure file I/O patterns (no arbitrary file access)
```
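Two checks a reviewer would run over this workflow before merging, as an added example that is not code from this repository: whether each `uses:` reference is pinned to a full commit SHA rather than a mutable tag like `@v4`, and whether the workflow-level `permissions` block grants write scopes (here `pull-requests: write`) that only the `ai-pr-review` job needs, so that `build` inherits them for nothing. It scans the YAML line by line with regular expressions instead of a YAML parser (a simplification), over a constructed excerpt of the workflow above.

```python
import re

# Constructed sample: the permission and action references of the workflow
# above, re-indented as a normal GitHub Actions file (assumption: the real
# file uses standard two-space indentation).
WORKFLOW = """\
name: CI
permissions:
  contents: read
  pull-requests: write
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-dotnet@v4
  ai-pr-review:
    if: github.event_name == 'pull_request'
    needs: build
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - uses: github/copilot-code-review-action@v1
"""

SHA_REF = re.compile(r"@[0-9a-f]{40}$")

def find_unpinned_actions(text):
    """Return every 'uses:' reference not pinned to a full commit SHA.
    A mutable tag such as @v4 resolves to whatever the action's maintainers
    (or whoever compromises their repo) point it at later; a SHA freezes it."""
    refs = re.findall(r"^\s*-?\s*uses:\s*(\S+)", text, re.MULTILINE)
    return [ref for ref in refs if not SHA_REF.search(ref)]

def top_level_write_scopes(text):
    """Return scopes granted ':write' in the workflow-level permissions block.
    Workflow-level grants are inherited by every job without its own block, so
    here the build job gets pull-requests: write it never uses; ai-pr-review,
    which declares its own block, is the only job that needs it."""
    block = re.search(r"^permissions:\n((?:[ \t]+\S.*\n)+)", text, re.MULTILINE)
    if not block:
        return []
    scopes = re.findall(r"^\s+([\w-]+):\s*(\w+)", block.group(1), re.MULTILINE)
    return [scope for scope, level in scopes if level == "write"]
```

The fix the second check points at is to reduce the workflow-level block to `contents: read` and keep the `pull-requests: write` grant only on the `ai-pr-review` job, which already declares it.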