diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..42f3b1b --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,31 @@ +version: 2 +updates: + - package-ecosystem: npm + directory: "/" + schedule: + interval: weekly + day: monday + time: "06:00" + timezone: Etc/UTC + open-pull-requests-limit: 5 + groups: + npm-security: + applies-to: security-updates + patterns: + - "*" + npm-minor-patch: + applies-to: version-updates + update-types: + - minor + - patch + + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: weekly + day: monday + open-pull-requests-limit: 3 + groups: + actions: + patterns: + - "*" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..4d97046 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,30 @@ +name: CodeQL + +on: + push: + branches: [master, main] + pull_request: + branches: [master, main] + schedule: + - cron: '17 6 * * 1' + +permissions: + actions: read + contents: read + security-events: write + +jobs: + analyze: + name: Analyze (JS/TS) + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v3 + with: + languages: javascript-typescript + queries: security-extended + - uses: github/codeql-action/autobuild@v3 + - uses: github/codeql-action/analyze@v3 + with: + category: "/language:javascript-typescript" diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml new file mode 100644 index 0000000..89d7540 --- /dev/null +++ b/.github/workflows/osv-scanner.yml @@ -0,0 +1,22 @@ +name: OSV-Scanner + +on: + push: + branches: [master, main] + pull_request: + branches: [master, main] + schedule: + - cron: '0 6 * * *' + +permissions: + actions: read + contents: read + security-events: write + +jobs: + scan: + uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.0.1 + permissions: + actions: read + contents: read + security-events: write