Expand file tree Collapse file tree 2 files changed +115
-0
lines changed Original file line number Diff line number Diff line change 1+ version : 2
2+ updates :
3+ # Enable version updates for Python dependencies
4+ - package-ecosystem : " pip"
5+ directory : " /"
6+ schedule :
7+ interval : " weekly"
8+ day : " monday"
9+ time : " 03:00"
10+ open-pull-requests-limit : 5
11+ reviewers :
12+ - " cdonnachie"
13+ labels :
14+ - " dependencies"
15+ - " security"
16+ commit-message :
17+ prefix : " chore(deps):"
18+ include : " scope"
19+ pull-request-branch-name :
20+ separator : " /"
21+
22+ # Enable version updates for Docker images
23+ - package-ecosystem : " docker"
24+ directory : " /"
25+ schedule :
26+ interval : " weekly"
27+ day : " monday"
28+ time : " 03:00"
29+ open-pull-requests-limit : 3
30+ reviewers :
31+ - " cdonnachie"
32+ labels :
33+ - " dependencies"
34+ - " docker"
35+ commit-message :
36+ prefix : " chore(docker):"
37+ include : " scope"
38+
39+ # Enable version updates for GitHub Actions
40+ - package-ecosystem : " github-actions"
41+ directory : " /"
42+ schedule :
43+ interval : " weekly"
44+ day : " monday"
45+ time : " 03:30"
46+ open-pull-requests-limit : 5
47+ reviewers :
48+ - " cdonnachie"
49+ labels :
50+ - " dependencies"
51+ - " github-actions"
52+ commit-message :
53+ prefix : " chore(ci):"
54+ include : " scope"
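Review bot: The `security` label on the pip entry (line 15 of this file) is attached to every weekly version-update PR, not only to PRs that remediate an advisory — the `updates:` entries in a `version: 2` file configure version updates, while Dependabot security updates are switched on separately in the repository settings, which this file neither enables nor controls — so routine bumps will be mislabeled and any triage that filters on `security` gets diluted. Drop that label (or rename it to something like `dependabot`) and, if advisory-driven PRs are wanted, confirm security updates are enabled in the repository settings. Separately, the `pip` and `docker` entries both point at `directory: "/"`, which presumes a Python manifest (requirements.txt, pyproject.toml or Pipfile) and a Dockerfile at the repository root; neither is visible in this change, so verify they exist or those entries will produce errors in the Dependabot tab rather than updates.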
Original file line number Diff line number Diff line change 1+ name : Security Scan
2+
3+ on :
4+ push :
5+ branches : [main, develop]
6+ pull_request :
7+ branches : [main, develop]
8+
9+ jobs :
10+ bandit :
11+ name : Bandit Security Scan
12+ runs-on : ubuntu-latest
13+ steps :
14+ - uses : actions/checkout@v4
15+
16+ - name : Set up Python
17+ uses : actions/setup-python@v4
18+ with :
19+ python-version : " 3.11"
20+
21+ - name : Install Bandit
22+ run : pip install bandit
23+
24+ - name : Run Bandit security scan
25+ run : |
26+ bandit -r kcn_proxy/ -f json -o bandit-report.json || true
27+ bandit -r kcn_proxy/ -f txt
28+
29+ - name : Upload Bandit report
30+ if : always()
31+ uses : actions/upload-artifact@v3
32+ with :
33+ name : bandit-report
34+ path : bandit-report.json
35+
36+ codeql :
37+ name : CodeQL Analysis
38+ runs-on : ubuntu-latest
39+ permissions :
40+ contents : read
41+ security-events : write
42+
43+ strategy :
44+ fail-fast : false
45+ matrix :
46+ language : ["python"]
47+
48+ steps :
49+ - name : Checkout repository
50+ uses : actions/checkout@v4
51+
52+ - name : Initialize CodeQL
53+ uses : github/codeql-action/init@v2
54+ with :
55+ languages : ${{ matrix.language }}
56+
57+ - name : Autobuild
58+ uses : github/codeql-action/autobuild@v2
59+
60+ - name : Perform CodeQL Analysis
61+ uses : github/codeql-action/analyze@v2
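Review bot: The `bandit` job declares no `permissions:` block, so its `GITHUB_TOKEN` gets whatever default the repository or organization grants (which may still be read/write), whereas the `codeql` job below correctly scopes itself to `contents: read` and `security-events: write`; add `permissions:` / `  contents: read` directly under `runs-on: ubuntu-latest` in the bandit job, or a workflow-level `permissions: contents: read` that the codeql job then widens. Every action is referenced by a mutable tag (`actions/checkout@v4`, `actions/setup-python@v4`, `actions/upload-artifact@v3`, `github/codeql-action/*@v2`) and Bandit itself is installed with an unpinned `pip install bandit`, so the scanner runs whatever those tags and the latest PyPI release resolve to on the day — pin the actions to full commit SHAs (the github-actions Dependabot entry added in this same commit still updates SHA pins) and pin Bandit to a version. The first Bandit invocation is wrapped in `|| true` while the second is not, and Bandit exits non-zero on any finding, so the job fails on every low-severity hit; if that gate is intended, consider `-ll` or a `.bandit` config to cut noise, and if not, make the two lines consistent. Note also that `actions/upload-artifact@v3` and `github/codeql-action@v2` are superseded major versions that GitHub has announced as deprecated, so confirm they still run before relying on this workflow.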