
Commit 20cad88

committed
improved docs
1 parent e32aa27 commit 20cad88


8 files changed

+930
-848
lines changed


.ddev/.ddev-docker-compose-base.yaml

Lines changed: 255 additions & 245 deletions
Large diffs are not rendered by default.

.ddev/.ddev-docker-compose-full.yaml

Lines changed: 286 additions & 286 deletions
Large diffs are not rendered by default.

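--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -10,16 +10,14 @@ on:
 # Run every week on Monday at 2 AM UTC (3 AM EST)
 - cron: '0 2 * * 1'
 
-permissions:
-contents: read
-security-events: write
-actions: read
-
 jobs:
 # Check GitHub Advanced Security availability
 check-advanced-security:
 name: Check Advanced Security
 runs-on: ubuntu-latest
+permissions:
+contents: read
+
 outputs:
 ghas-enabled: ${{ steps.check-ghas.outputs.enabled }}
 
@@ -47,6 +45,9 @@ jobs:
 name: Essential Security Checks
 runs-on: ubuntu-latest
 needs: check-advanced-security
+permissions:
+contents: read
+
 outputs:
 secrets-clean: ${{ steps.secrets-check.outputs.clean }}
 env-files-clean: ${{ steps.env-check.outputs.clean }}
@@ -173,7 +174,7 @@ jobs:
 if: matrix.language == 'javascript'
 uses: actions/setup-node@v4
 with:
-node-version: '22'
+node-version: '24'
 cache: 'npm'
 
 - name: Install Node Dependencies
@@ -212,6 +213,9 @@ jobs:
 needs: essential-security
 if: needs.essential-security.outputs.secrets-clean == 'true'
 
+permissions:
+contents: read
+
 steps:
 - name: Checkout Repository
 uses: actions/checkout@v4
@@ -225,7 +229,7 @@ jobs:
 - name: Setup Node
 uses: actions/setup-node@v4
 with:
-node-version: '22'
+node-version: '24'
 cache: 'npm'
 
 - name: Copy Environment File
@@ -285,14 +289,17 @@ jobs:
 needs: essential-security
 if: needs.essential-security.outputs.secrets-clean == 'true'
 
+permissions:
+contents: read
+
 steps:
 - name: Checkout Repository
 uses: actions/checkout@v4
 
 - name: Run OWASP Dependency Check
 uses: dependency-check/Dependency-Check_Action@main
 with:
-project: 'price-updater'
+project: 'laradev-react'
 path: '.'
 format: 'HTML'
 out: 'dependency-check-report'
@@ -316,6 +323,9 @@ jobs:
 needs: [essential-security, license-compliance]
 if: needs.essential-security.outputs.secrets-clean == 'true'
 
+permissions:
+contents: read
+
 steps:
 - name: Checkout Repository
 uses: actions/checkout@v4
@@ -329,7 +339,7 @@ jobs:
 - name: Setup Node
 uses: actions/setup-node@v4
 with:
-node-version: '22'
+node-version: '24'
 cache: 'npm'
 
 - name: Copy Environment File
@@ -353,6 +363,9 @@ jobs:
 needs: [essential-security, dependency-scan]
 if: needs.essential-security.outputs.secrets-clean == 'true'
 
+permissions:
+contents: read
+
 steps:
 - name: Checkout Repository
 uses: actions/checkout@v4
@@ -381,6 +394,9 @@ jobs:
 needs: [essential-security, code-quality]
 if: github.event_name == 'pull_request' && needs.essential-security.outputs.secrets-clean == 'true'
 
+permissions:
+contents: read
+
 steps:
 - name: Checkout Repository
 uses: actions/checkout@v4
@@ -402,48 +418,55 @@ jobs:
 else
 echo "⚠️ Consider configuring HTTPS for production"
 fi
+
 - name: Check Content Security Policy (CSP)
 run: |
 if grep -q "Content-Security-Policy" app/Http/Middleware/AddSecurityHeaders.php; then
 echo "✅ Content Security Policy (CSP) is configured"
 else
 echo "⚠️ Consider adding a Content Security Policy (CSP) for enhanced security"
 fi
+
 - name: Check Secure Cookies
 run: |
 if grep -q "'secure' => env('SESSION_SECURE_COOKIE', true)" config/session.php; then
 echo "✅ Secure cookies are enabled"
 else
 echo "⚠️ Consider enabling secure cookies in config/session.php"
 fi
+
 - name: Check HSTS Configuration
 run: |
 if grep -q "Strict-Transport-Security" app/Http/Middleware/AddSecurityHeaders.php; then
 echo "✅ HSTS is configured"
 else
 echo "⚠️ Consider adding HSTS for enhanced security"
 fi
+
 - name: Check Referrer Policy
 run: |
 if grep -q "Referrer-Policy" app/Http/Middleware/AddSecurityHeaders.php; then
 echo "✅ Referrer Policy is configured"
 else
 echo "⚠️ Consider adding a Referrer Policy for enhanced privacy"
 fi
+
 - name: Check X-Content-Type-Options
 run: |
 if grep -q "X-Content-Type-Options" app/Http/Middleware/AddSecurityHeaders.php; then
 echo "✅ X-Content-Type-Options is configured"
 else
 echo "⚠️ Consider adding X-Content-Type-Options to prevent MIME type sniffing"
 fi
+
 - name: Check X-Frame-Options
 run: |
 if grep -q "X-Frame-Options" app/Http/Middleware/AddSecurityHeaders.php; then
 echo "✅ X-Frame-Options is configured"
 else
 echo "⚠️ Consider adding X-Frame-Options to prevent clickjacking"
 fi
+
 - name: Check X-XSS-Protection
 run: |
 if grep -q "X-XSS-Protection" app/Http/Middleware/AddSecurityHeaders.php; then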
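Review bot: Removing the workflow-level `permissions:` block (old lines 13–16) means any job without its own block falls back to the repository's default GITHUB_TOKEN permissions, which can be read/write depending on repository settings. The visible hunks add `contents: read` to seven jobs, but the job around new line 174 (the one keyed on `matrix.language`) is not shown receiving a block. If that job uploads code-scanning results it also needs `security-events: write`, which this commit drops. I would keep a restrictive top-level default (`permissions:` with `contents: read`) and grant `security-events: write` only on the job that uploads results. The job bodies extend outside the hunks, so this should be confirmed against the full file.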

.github/workflows/sonarqube.yml

Lines changed: 0 additions & 18 deletions
This file was deleted.

LOCAL-DEVELOPMENT.md

Lines changed: 0 additions & 198 deletions
This file was deleted.
