[Build] Setup Dependabot and CodeQL for SecOps #10

Open
1 task
xames3 opened this issue Oct 27, 2024 · 1 comment
Labels

  • ci/cd: modifications to CI/CD pipelines or processes
  • enhancement: enhancements to existing functionality or the addition of new features or content
  • high priority: pull requests that should be reviewed and merged as a priority due to their importance
  • miscellaneous: miscellaneous changes and some of the general inner workings
  • open science: contributions that enhance transparency, reproducibility, or accessibility in line with Open Science
  • work in progress: pull requests that are not yet ready for review or merging

Comments

Collaborator

xames3 commented Oct 27, 2024

  • this issue is more or less housekeeping and can be worked on alongside the setting up actions workflow issue. the obvious deliverables for successful closure of this issue would be:

    • setting up a Dependabot workflow for keeping the repository and requirements up-to-date with proper security vulnerability checks.

ideally, it should be taken up alongside the workflows issue.

xames3 self-assigned this Oct 27, 2024
xames3 converted this from a draft issue Oct 27, 2024
xames3 added the enhancement, ci/cd, high priority, open science, miscellaneous, and work in progress labels Oct 27, 2024
Collaborator Author

xames3 commented Oct 31, 2024

  • CodeQL has been enabled. although the repository doesn't contain any relevant code to scan through, I've still added CodeQL as a safeguarding option.
  • have also enabled checking for any secrets on push. this can certainly avoid spoilers.
