Update ci-devsecops.yml #3

	name: CI DevSecOps

	on:
	push:
	branches: ["main", "master"]
	pull_request:

	jobs:
	build-and-scan:
	runs-on: windows-latest

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Setup .NET
	uses: actions/setup-dotnet@v4
	with:
	dotnet-version: "8.0.x"

	- name: Restore
	run: dotnet restore "ThreadPilot.csproj"

	- name: Build Debug
	run: dotnet build "ThreadPilot.csproj" --configuration Debug --no-restore

	- name: Build Release
	run: dotnet build "ThreadPilot.csproj" --configuration Release --no-restore

	- name: Dependency Audit
	run: dotnet list "ThreadPilot.csproj" package --vulnerable --include-transitive

	- name: Secret Scan (Gitleaks)
	shell: pwsh
	run: \|
	$ErrorActionPreference = "Stop"

	$version = "8.24.3"
	$baseUrl = "https://github.com/gitleaks/gitleaks/releases/download/v$version"
	$zipAsset = "gitleaks_${version}_windows_x64.zip"
	$tarAsset = "gitleaks_${version}_windows_x64.tar.gz"

	Write-Host "Installing Gitleaks v$version"

	try {
	Invoke-WebRequest -Uri "$baseUrl/$zipAsset" -OutFile "gitleaks.zip"
	Expand-Archive -Path "gitleaks.zip" -DestinationPath ".\\gitleaks-bin" -Force
	}
	catch {
	Write-Host "ZIP download failed, trying tar.gz fallback"
	Invoke-WebRequest -Uri "$baseUrl/$tarAsset" -OutFile "gitleaks.tar.gz"
	New-Item -ItemType Directory -Force -Path ".\\gitleaks-bin" \| Out-Null
	tar -xzf "gitleaks.tar.gz" -C ".\\gitleaks-bin"
	}

	$gitleaksExe = Resolve-Path ".\\gitleaks-bin\\gitleaks.exe"
	& $gitleaksExe version

	# Scan working tree for hardcoded secrets.
	& $gitleaksExe detect --source "." --redact --verbose

Provide feedback