IBM
diff --git a/‎.github/workflows/bandit.yml
Lines changed: 31 additions & 31 deletions b/‎.github/workflows/bandit.yml
Lines changed: 31 additions & 31 deletions
diff --git a/‎.github/workflows/codeql.yml
Lines changed: 54 additions & 54 deletions b/‎.github/workflows/codeql.yml
Lines changed: 54 additions & 54 deletions
diff --git a/‎.github/workflows/dependency-review.yml
Lines changed: 42 additions & 43 deletions b/‎.github/workflows/dependency-review.yml
Lines changed: 42 additions & 43 deletions
@@ -17,44 +17,44 @@ name: Bandit
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
   pull_request:
-    branches: [ "main" ]   # must be a subset of the push branches
+    branches: ["main"] # must be a subset of the push branches
   schedule:
-    - cron: '26 11 * * 6'  # Saturday @ 11:26 UTC – catch new CVEs
+    - cron: "26 11 * * 6" # Saturday @ 11:26 UTC – catch new CVEs
 
 jobs:
   bandit:
     permissions:
-      contents:        read   # required by actions/checkout
-      security-events: write  # upload SARIF to “Code scanning”
-      actions:         read   # needed only for private repos
+      contents: read # required by actions/checkout
+      security-events: write # upload SARIF to “Code scanning”
+      actions: read # needed only for private repos
 
     runs-on: ubuntu-latest
 
     steps:
-    # -----------------------------------------------------------
-    # 0️⃣  Check out the repository
-    # -----------------------------------------------------------
-    - name: ⬇️  Checkout code
-      uses: actions/checkout@v4
-
-    # -----------------------------------------------------------
-    # 1️⃣  Run Bandit with custom filters
-    # -----------------------------------------------------------
-    - name: 🔍  Bandit scan (medium / high-conf)
-      uses: shundor/python-bandit-scan@ab1d87dfccc5a0ffab88be3aaac6ffe35c10d6cd
-      with:
-        # Fail **softly** so devs can triage before gating the build
-        exit_zero: true
-
-        # Built-in GitHub token (no extra secrets needed)
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-        # ──────────────── Customised CLI flags ────────────────
-        path: mcpgateway                    # recurse into package
-        level: MEDIUM                      # MEDIUM and HIGH severities
-        confidence: HIGH                   # HIGH-confidence findings only
-        # excluded_paths: DEFAULT          # inherit Bandit defaults
-        # skips: DEFAULT                   # inherit Bandit defaults
-        # ini_path: ""                     # not using a .bandit config
+      # -----------------------------------------------------------
+      # 0️⃣  Check out the repository
+      # -----------------------------------------------------------
+      - name: ⬇️  Checkout code
+        uses: actions/checkout@v4
+
+      # -----------------------------------------------------------
+      # 1️⃣  Run Bandit with custom filters
+      # -----------------------------------------------------------
+      - name: 🔍  Bandit scan (medium / high-conf)
+        uses: shundor/python-bandit-scan@ab1d87dfccc5a0ffab88be3aaac6ffe35c10d6cd
+        with:
+          # Fail **softly** so devs can triage before gating the build
+          exit_zero: true
+
+          # Built-in GitHub token (no extra secrets needed)
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          # ──────────────── Customised CLI flags ────────────────
+          path: mcpgateway # recurse into package
+          level: MEDIUM # MEDIUM and HIGH severities
+          confidence: HIGH # HIGH-confidence findings only
+          # excluded_paths: DEFAULT          # inherit Bandit defaults
+          # skips: DEFAULT                   # inherit Bandit defaults
+          # ini_path: ""                     # not using a .bandit config
@@ -15,23 +15,23 @@ name: CodeQL Advanced
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
     paths-ignore:
-      - '**/tests/**'
-      - '**/docs/**'
+      - "**/tests/**"
+      - "**/docs/**"
   pull_request:
-    branches: [ "main" ]
+    branches: ["main"]
     paths-ignore:
-      - '**/tests/**'
-      - '**/docs/**'
+      - "**/tests/**"
+      - "**/docs/**"
   # schedule:
   #   - cron: '15 21 * * 3'   # Weekly on Wednesday at 21:15 UTC
 
 permissions:
-  contents:        read            # For checking out the code
-  security-events: write           # Required to upload SARIF results
-  actions:         read            # Required in private repositories
-  packages:        read            # Required to download CodeQL packs
+  contents: read # For checking out the code
+  security-events: write # Required to upload SARIF results
+  actions: read # Required in private repositories
+  packages: read # Required to download CodeQL packs
 
 jobs:
   analyze:
@@ -50,52 +50,52 @@ jobs:
             build: none
 
     steps:
-    # -------------------------------------------------------------
-    # 0️⃣  Checkout source
-    # -------------------------------------------------------------
-    - name: ⬇️ Checkout code
-      uses: actions/checkout@v4
+      # -------------------------------------------------------------
+      # 0️⃣  Checkout source
+      # -------------------------------------------------------------
+      - name: ⬇️ Checkout code
+        uses: actions/checkout@v4
 
-    # -------------------------------------------------------------
-    # 1️⃣  Optional setup – runtimes for specific languages
-    # -------------------------------------------------------------
-    - name: 🐍 Setup Python
-      if: matrix.language == 'python'
-      uses: actions/setup-python@v5
-      with:
-        python-version: '3.x'
+      # -------------------------------------------------------------
+      # 1️⃣  Optional setup – runtimes for specific languages
+      # -------------------------------------------------------------
+      - name: 🐍 Setup Python
+        if: matrix.language == 'python'
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.x"
 
-    - name: 🟢 Setup Node.js
-      if: matrix.language == 'javascript-typescript'
-      uses: actions/setup-node@v4
-      with:
-        node-version: '20'
+      - name: 🟢 Setup Node.js
+        if: matrix.language == 'javascript-typescript'
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
 
-    # -------------------------------------------------------------
-    # 2️⃣  Initialize CodeQL
-    # -------------------------------------------------------------
-    - name: 🛠️ Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        dependency-caching: true
-        config-file: ./.github/codeql-config.yml
+      # -------------------------------------------------------------
+      # 2️⃣  Initialize CodeQL
+      # -------------------------------------------------------------
+      - name: 🛠️ Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          dependency-caching: true
+          config-file: ./.github/codeql-config.yml
 
-    # -------------------------------------------------------------
-    # 3️⃣  Manual build step (not needed for JS/Python/Actions)
-    # -------------------------------------------------------------
-    - if: matrix.build == 'manual'
-      name: ⚙️ Manual build (placeholder)
-      shell: bash
-      run: |
-        echo "Add manual build commands here if needed."
-        exit 1
+      # -------------------------------------------------------------
+      # 3️⃣  Manual build step (not needed for JS/Python/Actions)
+      # -------------------------------------------------------------
+      - if: matrix.build == 'manual'
+        name: ⚙️ Manual build (placeholder)
+        shell: bash
+        run: |
+          echo "Add manual build commands here if needed."
+          exit 1
 
-    # -------------------------------------------------------------
-    # 4️⃣  Perform CodeQL analysis
-    # -------------------------------------------------------------
-    - name: 🔬 Perform CodeQL analysis
-      uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:${{ matrix.language }}"
-        upload: false
+      # -------------------------------------------------------------
+      # 4️⃣  Perform CodeQL analysis
+      # -------------------------------------------------------------
+      - name: 🔬 Perform CodeQL analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{ matrix.language }}"
+          upload: false
@@ -25,64 +25,63 @@ name: Dependency Review
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
   pull_request:
-    branches: [ "main" ]
+    branches: ["main"]
   # Weekly safety-net run — useful for catching newly-disclosed CVEs
   # or upstream license changes even when no PR is open.
   schedule:
-    - cron: '31 12 * * 6'   # Saturday @ 12:31 UTC
+    - cron: "31 12 * * 6" # Saturday @ 12:31 UTC
 
 # -----------------------------------------------------------------
 # Minimal permissions – principle of least privilege
 # -----------------------------------------------------------------
 permissions:
-  contents:        read          # for actions/checkout
-  security-events: write         # upload SARIF results
-  pull-requests:   write         # post / overwrite PR comment
+  contents: read # for actions/checkout
+  security-events: write # upload SARIF results
+  pull-requests: write # post / overwrite PR comment
 
 jobs:
   dependency-review:
     runs-on: ubuntu-latest
 
     steps:
-    # -----------------------------------------------------------
-    # 0️⃣  Check out the repository
-    # -----------------------------------------------------------
-    - name: ⬇️  Checkout code
-      uses: actions/checkout@v4
+      # -----------------------------------------------------------
+      # 0️⃣  Check out the repository
+      # -----------------------------------------------------------
+      - name: ⬇️  Checkout code
+        uses: actions/checkout@v4
 
-    # -----------------------------------------------------------
-    # 1️⃣  Dependency & License gate
-    # -----------------------------------------------------------
-    - name: 🔍  Dependency Review
-      id: dep-scan
-      uses: actions/dependency-review-action@v4
-      with:
-        # ───────── Vulnerability policy ─────────
-        fail-on-severity: moderate      # MODERATE, HIGH, CRITICAL ⇒ ❌
-        vulnerability-check: true       # (default)
+      # -----------------------------------------------------------
+      # 1️⃣  Dependency & License gate
+      # -----------------------------------------------------------
+      - name: 🔍  Dependency Review
+        id: dep-scan
+        uses: actions/dependency-review-action@v4
+        with:
+          # ───────── Vulnerability policy ─────────
+          fail-on-severity: moderate # MODERATE, HIGH, CRITICAL ⇒ ❌
+          vulnerability-check: true # (default)
 
-        # ───────── License policy ─────────
-        # Hard-deny strong- or service-copyleft licenses that would
-        # "infect" an Apache-2.0 project.  (LGPL/MPL/EPL are *not*
-        # listed — they’re weak/file-level copyleft.  Add them here
-        # if your org chooses to forbid them outright.)
-        deny-licenses: >
-          GPL-1.0, GPL-2.0, GPL-3.0,
-          AGPL-3.0,
-          SSPL-1.0,
-          RPL-1.5,
-          OSL-3.0,
-          CPAL-1.0
-        license-check: true             # (default)
+          # ───────── License policy ─────────
+          # Hard-deny strong- or service-copyleft licenses that would
+          # "infect" an Apache-2.0 project.  (LGPL/MPL/EPL are *not*
+          # listed — they’re weak/file-level copyleft.  Add them here
+          # if your org chooses to forbid them outright.)
+          deny-licenses: >
+            GPL-1.0, GPL-2.0, GPL-3.0,
+            AGPL-3.0,
+            SSPL-1.0,
+            RPL-1.5,
+            OSL-3.0,
+            CPAL-1.0
+          license-check: true # (default)
+          # ───────── UX tweaks ─────────
+          warn-only: false # actually fail the workflow
+          comment-summary-in-pr: on-failure
 
-        # ───────── UX tweaks ─────────
-        warn-only: false                # actually fail the workflow
-        comment-summary-in-pr: on-failure
-
-        # ───────── Refs for non-PR events ─────────
-        # These are ignored on pull_request events but allow the
-        # scheduled run to compare HEAD against `main`.
-        base-ref: main
-        head-ref: ${{ github.sha }}
+          # ───────── Refs for non-PR events ─────────
+          # These are ignored on pull_request events but allow the
+          # scheduled run to compare HEAD against `main`.
+          base-ref: main
+          head-ref: ${{ github.sha }}