# `mix mob.security_scan.log`
[🔗](https://github.com/genericjam/mob_dev/blob/main/lib/mix/tasks/mob.security_scan.log.ex#L1)

Scheduled-run helper for the security scan. Designed to be invoked
by cron, GitHub Actions, or any other recurring trigger.

Each run does four things:

  1. Runs the full `mix mob.security_scan` against the project.
  2. **Overwrites** `SECURITY_SCAN.md` — a current-state snapshot
     you can point at to answer "what's the situation right now?".
  3. **Prepends** a changelog entry to `SECURITY_HISTORY.md` —
     newest at the top — describing what's New / Resolved / Still
     present since the last logged run.
  4. Updates the JSON state sidecar at `.security_scan/state.json`
     so the next run can compute its diff.

Commit all three files. The state file is what makes the changelog
meaningful across machines and CI runs — without it every scheduled
run reports every finding as "new" and the history loses signal.
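The classification that step 3 describes, and the reason a missing state file floods the history, shown as an added example. This is not mob_dev's own code: the module name, the finding fields, and the key format are assumptions made for illustration.

```elixir
# Added illustration; not the task's implementation. The finding fields
# (:tool, :rule, :file, :severity) and the key format are assumptions.
defmodule ScanDiffExample do
  # Stable identity for a finding. Line numbers are left out on purpose so
  # an unrelated edit that shifts code does not turn an old finding into
  # a "new" one.
  def key(%{tool: tool, rule: rule, file: file}), do: "#{tool}:#{rule}:#{file}"

  # `previous` is the list of keys saved by the last logged run, or nil
  # when no state file was available (fresh clone, state never committed).
  def diff(previous, findings) do
    current = MapSet.new(findings, &key/1)
    prior = MapSet.new(previous || [])

    %{
      baseline?: previous != nil,
      new: sorted(MapSet.difference(current, prior)),
      resolved: sorted(MapSet.difference(prior, current)),
      still_present: sorted(MapSet.intersection(current, prior)),
      # What the next run should load as `previous`.
      next_state: sorted(current)
    }
  end

  defp sorted(set), do: set |> MapSet.to_list() |> Enum.sort()
end

# Constructed sample data: two findings from the current run.
findings = [
  %{tool: "semgrep", rule: "hardcoded-secret", file: "lib/app/config.ex", severity: :high},
  %{tool: "osv-scanner", rule: "GHSA-placeholder", file: "mix.lock", severity: :medium}
]

# Constructed previous state: one finding that persists, one since fixed.
saved = [
  "semgrep:hardcoded-secret:lib/app/config.ex",
  "flawfinder:strcpy:c_src/nif.c"
]

IO.inspect(ScanDiffExample.diff(saved, findings), label: "with committed state")
IO.inspect(ScanDiffExample.diff(nil, findings), label: "state file missing")
```

With the saved state, the run reports one new, one resolved, and one still-present finding; with no state, both findings land under `new` and nothing can be reported as resolved.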

## Usage

    mix mob.security_scan.log                      # default paths
    mix mob.security_scan.log --scan SECURITY.md \
        --history HISTORY.md \
        --state .scan/state.json
    mix mob.security_scan.log --strict             # exit 1 if any high+ finding

## Suggested cron entry

    # daily at 06:00 local
    0 6 * * *  cd /path/to/project && mix mob.security_scan.log >> /tmp/security_scan.log 2>&1

## Suggested GitHub Actions workflow

    name: security-scan
    on:
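      schedule: [{cron: "0 6 * * *"}]   # 06:00 UTC
      workflow_dispatch:
    # create-pull-request pushes a branch and opens a PR using GITHUB_TOKEN
    permissions:
      contents: write
      pull-requests: write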
    jobs:
      scan:
        runs-on: macos-latest
        steps:
          - uses: actions/checkout@v4
          - uses: erlef/setup-beam@v1
            with: {elixir-version: "1.19", otp-version: "28"}
          - run: brew install osv-scanner semgrep flawfinder detekt swiftlint
          - run: mix deps.get
          - run: mix mob.security_scan.log
          - uses: peter-evans/create-pull-request@v6
            with:
              title: "security: weekly scan update"
              commit-message: "security: weekly scan update"
              branch: security-scan-update
              # add-paths takes a comma- or newline-separated list
              add-paths: |
                SECURITY_SCAN.md
                SECURITY_HISTORY.md
                .security_scan/state.json

