Security Audit #10

	name: Security Audit

	on:
	push:
	schedule:
	- cron: '45 12 * * *'

	jobs:
	composer-audit:
	name: 'Composer Security Vulnerabilities Audit'
	permissions:
	contents: read
	runs-on: ubuntu-latest

	steps:
	- uses: shivammathur/setup-php@v2
	with:
	php-version: 8.2
	tools: composer
	coverage: none

	- uses: actions/checkout@v4

	- name: 'Check security vulnerabilities'
	run: composer audit --locked

	psalm-security:
	name: 'Psalm Security Scan'
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4

	- name: 'Psalm Security Scan'
	uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287

	- name: 'Upload Security Analysis results to GitHub'
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: results.sarif

Provide feedback