🔒 Enhanced Security without Code Scanning

 Dependabot Configuration:
- Automated dependency updates (weekly)
- Security vulnerability alerts
- GitHub Actions updates
- Automatic PR creation for updates

 Enhanced Trivy Scanning:
- Added secret scanning (credentials detection)
- Added configuration scanning (misconfigurations)
- Comprehensive security coverage

 Updated Security Policy:
- Added Dependabot to security features
- Added secret and configuration scanning
- Professional security documentation

Alternative to Code Scanning:
- Dependabot for dependency security
- Trivy for comprehensive scanning
- No GitHub Advanced Security needed
Dennis Konkol
2025-09-05 23:31:53 +00:00
parent bec5ed0f8f
commit 4dc9dcb17b
3 changed files with 43 additions and 0 deletions

.github/dependabot.yml (new file, 39 lines)

@@ -0,0 +1,39 @@
version: 2
updates:
# Enable version updates for npm
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "09:00"
open-pull-requests-limit: 10
reviewers:
- "denshooter"
assignees:
- "denshooter"
commit-message:
prefix: "chore"
include: "scope"
labels:
- "dependencies"
- "security"
# Enable version updates for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "09:00"
open-pull-requests-limit: 5
reviewers:
- "denshooter"
assignees:
- "denshooter"
commit-message:
prefix: "chore"
include: "scope"
labels:
- "github-actions"
- "security"
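Review bot: the `security` label is attached to every scheduled version bump in both ecosystems (`labels: - "dependencies" - "security"`), so a routine minor npm update will carry the same label as a PR that actually closes a vulnerability, and the label stops meaning anything. Drop `security` from these two blocks; Dependabot security updates, which are switched on in the repository's Security settings rather than in this file, already produce PRs you can filter on. With `open-pull-requests-limit: 10` and a weekly cadence, a `groups:` entry that batches minor and patch bumps would also keep the limit from being consumed by noise. Note too that GitHub has deprecated the `reviewers` key in `dependabot.yml` in favour of CODEOWNERS, so the `reviewers: - "denshooter"` entries should move to a CODEOWNERS file before they stop being honoured.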

@@ -69,6 +69,7 @@ jobs:
format: 'sarif' format: 'sarif'
output: 'trivy-results.sarif' output: 'trivy-results.sarif'
skip-version-check: true skip-version-check: true
scanners: 'vuln,secret,config'
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3 uses: github/codeql-action/upload-sarif@v3
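Review bot: adding `secret` to `scanners: 'vuln,secret,config'` only inspects the files checked out at the scanned commit, not the git history, so a credential that was committed earlier and later deleted is not reported; the policy should state that anything this scanner does flag has already been pushed and must be rotated, not just removed. Separately, the `github/codeql-action/upload-sarif@v3` step that follows is the code scanning upload API, which is free on public repositories but requires GitHub Advanced Security on private ones, so the commit's "No GitHub Advanced Security needed" holds only while this repository stays public. Consider also setting `exit-code` or a severity filter on the Trivy step so that a new secret finding fails the job rather than only appearing in the Security tab.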

@@ -14,11 +14,14 @@ This portfolio project follows semantic versioning and maintains security update
This portfolio includes the following security measures: This portfolio includes the following security measures:
- **Dependency Scanning**: Automated vulnerability scanning with Trivy - **Dependency Scanning**: Automated vulnerability scanning with Trivy
- **Dependabot**: Automated dependency updates and security alerts
- **Code Quality**: ESLint and TypeScript for secure code practices - **Code Quality**: ESLint and TypeScript for secure code practices
- **Authentication**: Basic Auth protection for admin routes - **Authentication**: Basic Auth protection for admin routes
- **Environment Security**: Sensitive data stored in environment variables - **Environment Security**: Sensitive data stored in environment variables
- **HTTPS Only**: All production traffic encrypted - **HTTPS Only**: All production traffic encrypted
- **Input Validation**: All user inputs are validated and sanitized - **Input Validation**: All user inputs are validated and sanitized
- **Secret Scanning**: Trivy scans for exposed secrets and credentials
- **Configuration Scanning**: Security misconfigurations detection
## Reporting a Vulnerability ## Reporting a Vulnerability
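Review bot: the new bullet "**Dependabot**: Automated dependency updates and security alerts" overstates what this commit configures; the `.github/dependabot.yml` added alongside it only schedules weekly version updates, while Dependabot alerts and security updates are toggled in the repository's Security settings and are not part of this diff. Either confirm those settings are enabled and say so, or reword the bullet to "Scheduled dependency updates via Dependabot". The "**Secret Scanning**" bullet would also be more useful to a reporter if it said what happens on a hit (the credential is rotated), since the scan itself only detects secrets already present in the tree.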