ci: reusable python security workflow + security baseline doc#18

Merged: imran-siddique merged 2 commits into main from security-baseline-reusable-workflow on Jul 4, 2026
Conversation

@imran-siddique

Contributor

Implements the centralised piece of the agentrust-io security hardening (catalog Appendix B).

  • Adds a reusable Python security workflow (ruff, mypy, bandit SAST, pip-audit SCA, CycloneDX SBOM) callable via workflow_call.
  • Adds a security-baseline adoption doc.

Per-repo follow-ups (not in this PR): CodeQL + Scorecard + dependabot.yml + CODEOWNERS on repos lacking them (trace-spec, trace-tests, integrations, examples, demos), LICENSE files, and org-level settings (secret scanning, push protection, Dependabot alerts, branch-protection ruleset).

Note: third-party actions are on version tags marked TODO; pin to commit SHAs before merge.

🤖 Generated with Claude Code
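As an added illustration of the workflow the description lists, here is a reusable GitHub Actions workflow exposing ruff, mypy, bandit, pip-audit and a CycloneDX SBOM through `workflow_call`. This is example code written for this page, not the PR's own file: the path `.github/workflows/python-security.yml`, the inputs `python-version` and `source-dir`, and the assumption that the consuming repo is pip-installable (`pip install -e .`) are all made up here. The `<...-sha>` placeholders are not real commit hashes; they mark where the full 40-character commit SHA of each action must go, which is the pinning the note above says has to happen before merge.

```yaml
# .github/workflows/python-security.yml  (assumed path; example, not the PR's file)
name: python-security

on:
  workflow_call:
    inputs:
      python-version:
        description: Interpreter to run the checks under
        type: string
        default: "3.12"
      source-dir:
        description: Package directory to lint, type-check and scan
        type: string
        default: "src"
    # No secrets are declared: every tool below runs offline against the
    # checkout and the resolved environment, so the caller passes nothing.

# Read-only token: nothing here needs to write to the repo.
permissions:
  contents: read

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      # <...-sha> placeholders stand in for full commit SHAs (assumed, not real).
      # Pin to the SHA, not the tag: tags are mutable, SHAs are not. The
      # trailing comment records which release the SHA was taken from.
      - uses: actions/checkout@<checkout-sha> # v4
      - uses: actions/setup-python@<setup-python-sha> # v5
        with:
          python-version: ${{ inputs.python-version }}

      - name: Install project and security tooling
        # Assumes the calling repo has a pyproject.toml / setup.py.
        run: |
          python -m pip install --upgrade pip
          pip install -e .
          pip install ruff mypy bandit pip-audit cyclonedx-bom

      - name: Lint (ruff)
        run: ruff check ${{ inputs.source-dir }}

      - name: Type check (mypy)
        run: mypy ${{ inputs.source-dir }}

      - name: SAST (bandit)
        # -ll: report medium severity and above; -ii: medium confidence and above.
        # Low-severity findings are noise in CI; they stay visible in local runs.
        run: bandit -r ${{ inputs.source-dir }} -ll -ii

      - name: SCA (pip-audit)
        # Audits the environment just installed. --strict turns a dependency
        # that could not be audited into a failure instead of a silent skip.
        run: pip-audit --strict

      - name: SBOM (CycloneDX)
        # Generates the SBOM from the installed environment, i.e. the exact
        # resolved versions that pip-audit just checked.
        run: cyclonedx-py environment --of JSON -o sbom.cdx.json

      - uses: actions/upload-artifact@<upload-artifact-sha> # v4
        with:
          name: sbom
          path: sbom.cdx.json
```

A consuming repository calls it from its own workflow with a `uses:` line of the form `<org>/<shared-repo>/.github/workflows/python-security.yml@<commit-sha>`, passing `with: source-dir: <package>` if its layout differs from the default; the `@` reference to the shared workflow should itself be a commit SHA for the same reason the third-party actions are pinned.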

imran-siddique and others added 2 commits July 4, 2026 12:29
…/SBOM)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@imran-siddique imran-siddique merged commit 9d5570b into main Jul 4, 2026
3 checks passed
1 participant