🔒 Enhanced Security without Code Scanning

 Dependabot Configuration:
- Automated dependency updates (weekly)
- Security vulnerability alerts
- GitHub Actions updates
- Automatic PR creation for updates

 Enhanced Trivy Scanning:
- Added secret scanning (credentials detection)
- Added configuration scanning (misconfigurations)
- Comprehensive security coverage

 Updated Security Policy:
- Added Dependabot to security features
- Added secret and configuration scanning
- Professional security documentation

 Alternative to Code Scanning:
- Dependabot for dependency security
- Trivy for comprehensive scanning
- No GitHub Advanced Security needed
Dennis Konkol
2025-09-05 23:31:53 +00:00
parent bec5ed0f8f
commit 4dc9dcb17b
3 changed files with 43 additions and 0 deletions
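A minimal `dependabot.yml` matching the points the commit message lists (weekly version updates for GitHub Actions and for the project's own dependencies, with PRs opened automatically), added here as an illustration. It is not the file from this commit, which the page does not show; the `npm` ecosystem and the root `directory` are assumptions to be replaced with the project's actual package manager and manifest location.

```yaml
# Added example, not the dependabot.yml from this commit (the page does not show it).
# Assumptions: manifests live at the repository root; "npm" is a placeholder ecosystem.
version: 2
updates:
  # Bump the actions referenced in .github/workflows (e.g. aquasecurity/trivy-action,
  # github/codeql-action) once a week; pinned tags/SHAs get a PR when a new release appears.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 5

  # Application dependencies. Replace "npm" with the project's ecosystem (assumption).
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 10
```

Two caveats a practitioner should keep in mind: this file only configures version updates; Dependabot alerts and Dependabot security updates (the "security vulnerability alerts" bullet) are enabled under the repository's Security settings, not here. And pull requests opened by Dependabot run workflows with a read-only `GITHUB_TOKEN` and without repository secrets, so a Trivy job that needs registry credentials or a token to upload results must be checked against that restriction rather than assumed to behave as it does for a developer's PR.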


@@ -69,6 +69,7 @@ jobs:
format: 'sarif'
output: 'trivy-results.sarif'
skip-version-check: true
scanners: 'vuln,secret,config'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
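Review bot: the `Upload Trivy scan results to GitHub Security tab` step retained at the end of this hunk (`uses: github/codeql-action/upload-sarif@v3`) submits the SARIF through the code scanning API, so on a private repository it still requires code scanning (GitHub Advanced Security) to be enabled, which contradicts the commit message's "No GitHub Advanced Security needed"; on a public repository the upload works without a licence. If the job is meant to stand on its own, let the scan itself gate the workflow (trivy-action's `exit-code: '1'` together with a `severity` filter) or write a second `table`/`json` report as a workflow artifact, and keep the SARIF upload only where code scanning is actually available. Separately, `scanners: 'vuln,secret,config'` runs the secret scanner over the whole scan target, so expect findings on test fixtures and documented example keys; those should be triaged into a `.trivyignore` file or called out in the security policy rather than left as permanent noise in the results.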