This issue tracks the rollout of application security in CI.

Requires workflow updates:

* [x] Dependabot Version updates
* [x] dependency review
* [ ] ~OpenSSF scorecard and best practices (badges in README)~ n/a, not much value in a small library
* [ ] ~release artifact attestation~ no released artefacts to attest
* [ ] ~release SBOMs~ no released artefacts to attest
* [ ] ~coverage, if possible (badge in README)~ n/a, not familiar with the ecosystem
* [ ] ~code linters~ n/a, not familiar with the ecosystem

Requires repository config updates, after the workflow updates are merged:

* [ ] Dependabot Alerts
* [ ] Dependabot Security updates
* [ ] CodeQL
* [ ] secret scanning and push protection
* [ ] private vulnerability reporting
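As an added example, not taken from this issue or the repository it belongs to, the two checked workflow items look like this as configuration. It assumes the repository is hosted on GitHub and that the Dependency graph is enabled (dependency review needs it). The `github-actions` package ecosystem is used for Dependabot because it applies to any repository with workflows, whatever the library's own ecosystem is; a second `updates` entry for the library's package manager would be added once that is known. The `moderate` severity threshold is an assumed policy choice, and the action versions are shown as tags for readability where a commit SHA pin is the stricter option.

```yaml
# .github/dependabot.yml
# Dependabot version updates: keeps the actions used by the workflows
# themselves up to date. Assumed ecosystem; add the library's own
# package manager as another entry when known.
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
---
# .github/workflows/dependency-review.yml
# Dependency review: fails a pull request that introduces a dependency
# with a known vulnerability at or above the assumed threshold.
name: Dependency review
on:
  pull_request:
permissions:
  contents: read          # least privilege: the job only reads the tree
jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: moderate   # assumed policy threshold
```

Once these are merged, the repository-side items (Dependabot Alerts and Security updates, CodeQL, secret scanning with push protection, private vulnerability reporting) are switched on under the repository's Code security settings rather than in workflow files, which is why the issue lists them as a separate step.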