🔒 Enhanced Security without Code Scanning

✅ Dependabot Configuration: - Automated dependency updates (weekly) - Security vulnerability alerts - GitHub Actions updates - Automatic PR creation for updates ✅ Enhanced Trivy Scanning: - Added secret scanning (credentials detection) - Added configuration scanning (misconfigurations) - Comprehensive security coverage ✅ Updated Security Policy: - Added Dependabot to security features - Added secret and configuration scanning - Professional security documentation �� Alternative to Code Scanning: - Dependabot for dependency security - Trivy for comprehensive scanning - No GitHub Advanced Security needed
2025-09-05 23:31:53 +00:00
parent bec5ed0f8f
commit 4dc9dcb17b
3 changed files with 43 additions and 0 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,39 @@
+version: 2
+updates:
+  # Enable version updates for npm
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "denshooter"
+    assignees:
+      - "denshooter"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "security"
+
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    reviewers:
+      - "denshooter"
+    assignees:
+      - "denshooter"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    labels:
+      - "github-actions"
+      - "security"