From c0b3517f7592065ad4ea03270f1968a176e7910e Mon Sep 17 00:00:00 2001 From: Mike McNeil Date: Mon, 1 Dec 2025 15:04:10 -0600 Subject: [PATCH] Add malicious package checking (Shai-Halud only) to website CI/CD test script (#36438) --- .github/workflows/test-website.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/test-website.yml b/.github/workflows/test-website.yml index cf161a9127..18d1ebd218 100644 --- a/.github/workflows/test-website.yml +++ b/.github/workflows/test-website.yml @@ -66,5 +66,13 @@ jobs: # Run sanity checks - run: cd website/ && npm test + # Scan for malicious packages + # - name: Security Scan with Shai-Hulud Detector +# run: | + # git clone https://github.com/Cobenian/shai-hulud-detect +# cd shai-hulud-detect +# chmod +x shai-hulud-detector.sh +# # ./shai-hulud-detector.sh --paranoid ../ # Pipeline will automatically fail on exit codes 1 or 2 + # Compile assets - run: cd website/ && BUILD_SCRIPT_ARGS="--githubAccessToken=${{ secrets.FLEET_GITHUB_TOKEN_FOR_WEBSITE_TEST }}" npm run build-for-prod
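Review bot: Every line of the added step is commented out (the detector call twice over, `# # ./shai-hulud-detector.sh --paranoid ../`), so this workflow runs no malicious-package scan despite the commit title; a one-line comment such as `# Disabled for now: <reason>; enable once <condition>` would stop readers from assuming coverage. Before it is enabled, note that `git clone https://github.com/Cobenian/shai-hulud-detect` fetches whatever the default branch holds at run time and executes it in the same job whose next step passes `secrets.FLEET_GITHUB_TOKEN_FOR_WEBSITE_TEST` to the build, so an unreviewed upstream change would run in that workspace. Pinning to a reviewed commit by adding `git -C shai-hulud-detect checkout <PINNED_COMMIT_SHA>` after the clone, and running the scan in a separate job that never receives that secret, would contain this. The `#` markers also alternate between column 0 and the step indent (`+#` vs `+ #`), which makes the block awkward to uncomment as valid YAML.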