name: Dependency Security Scan
on:
  schedule:
    - cron: '0 12 * * 1'  # Weekly Monday noon UTC
  workflow_dispatch:

jobs:
  python-audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - run: pip install pip-audit
      - run: pip-audit -r src/services/python/requirements.txt

  node-audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - run: npm audit --production