ci(secu): update analyses (#12)

Author: sc979

.github/CODEOWNERS

@@ -4,3 +4,4 @@
 
 .gitleaks.toml     @centreon/owners-security
 .gitleaksignore    @centreon/owners-security
+**/secu-*.yml      @centreon/owners-security

.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: '/'
+    schedule:
+      interval: monthly
+    open-pull-requests-limit: 50
+    labels:
+      - 'dependencies'
+      - 'gha'

.github/workflows/actionlint.yml

@@ -0,0 +1,26 @@
+name: actionlint
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - ".github/**"
+
+jobs:
+  action-lint:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+      - name: Ensure SHA pinned actions
+        uses: centreon/github-actions-ensure-sha-pinned-actions@47d553c67ceb08ad660deaeb3b994e47a3dd8fc3 # v3.0.23.3
+        with:
+          allowlist: |
+            centreon/security-tools

.github/workflows/gitleaks.yml

@@ -0,0 +1,30 @@
+name: code-scan
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+  schedule:
+    - cron: 0 1 * * 1-5
+
+jobs:
+
+  code-scan:
+    uses: centreon/security-tools/.github/workflows/checkmarx-analysis.yml@main
+    with:
+      module_directory:
+      module_name: warp10r
+      exclude_list:
+    secrets:
+      base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }}
+      cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }}
+      cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }}
+      cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }}

.github/workflows/secu-code-scan.yml

@@ -0,0 +1,12 @@
+name: dependency-scan
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  dependency-scan:
+    uses: centreon/security-tools/.github/workflows/dependency-analysis.yml@main

.github/workflows/secu-dependency-scan.yml

@@ -0,0 +1,12 @@
+name: secrets-scan
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  secrets-scan:
+    uses: centreon/security-tools/.github/workflows/gitleaks-analysis.yml@main