Create security.yaml

.github/workflows/security.yaml

@@ -0,0 +1,29 @@
+name: Security Check
+
+on:
+  schedule:
+    - cron: '0 13 * * 0'
+
+jobs:
+  security_check:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+
+    - name: Audit dependencies for vulnerabilities
+      run: npm audit --audit-level=high || echo "Vulnerabilities found"
+
+    - name: Send Email if vulnerabilities are found
+      if: failure()
+      uses: dawidd6/action-send-mail@v3
+      with:
+        server_address: smtp.office365.com
+        server_port: 587
+        username: ${{ secrets.OUTLOOK_USERNAME }}
+        password: ${{ secrets.OUTLOOK_PASSWORD }}
+        subject: "Security Alert: Vulnerabilities Detected"
+        body: "Dependabot found vulnerabilities in your project dependencies. Please review the logs."
+        to: "dome@in2.es"
+        from: "oriol.canades@in2.es"