[StepSecurity] Apply security best practices (#88)

step-security-bot · web-flow · commit 36f7e5457bea · 2024-11-18T09:39:15.000-05:00
Signed-off-by: StepSecurity Bot &lt;bot@stepsecurity.io&gt;
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,3 +9,23 @@ updates:
     directory: /
     schedule:
       interval: daily
+
+  - package-ecosystem: nuget
+    directory: /FSSHTTPWOPIInspector/Source
+    schedule:
+      interval: daily
+
+  - package-ecosystem: nuget
+    directory: /FSSHTTPWOPIInspector/Test/WOPIautomation/WOPIautomation
+    schedule:
+      interval: daily
+
+  - package-ecosystem: nuget
+    directory: /MAPIInspector/Source
+    schedule:
+      interval: daily
+
+  - package-ecosystem: nuget
+    directory: /MAPIInspector/Test/MAPIAutomationTest/MAPIAutomationTest
+    schedule:
+      interval: daily
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
@@ -7,6 +7,9 @@ on:
     branches: [ "main" ]
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: windows-latest
@@ -18,6 +21,11 @@ jobs:
       security-events: write
 
     steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      with:
+        egress-policy: audit
+
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
     - name: Machine setup
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,14 @@
+repos:
+- repo: https://github.com/gitleaks/gitleaks
+  rev: v8.16.3
+  hooks:
+  - id: gitleaks
+- repo: https://github.com/pre-commit/mirrors-eslint
+  rev: v8.38.0
+  hooks:
+  - id: eslint
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.4.0
+  hooks:
+  - id: end-of-file-fixer
+  - id: trailing-whitespace
