✅ Dependabot Configuration:
- Automated dependency updates (weekly)
- Security vulnerability alerts
- GitHub Actions updates
- Automatic PR creation for updates

✅ Enhanced Trivy Scanning:
- Added secret scanning (credentials detection)
- Added configuration scanning (misconfigurations)
- Comprehensive security coverage

✅ Updated Security Policy:
- Added Dependabot to security features
- Added secret and configuration scanning
- Professional security documentation

Alternative to Code Scanning:
- Dependabot for dependency security
- Trivy for comprehensive scanning
- No GitHub Advanced Security needed
40 lines
816 B
YAML
```yaml
# .github/dependabot.yml: version updates only. Dependabot alerts and
# Dependabot security updates are switched on in the repository's security
# settings, not in this file.
version: 2

updates:
  # Enable version updates for npm
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "09:00"          # interpreted as UTC unless schedule.timezone is set
    # Cap on concurrently open version-update PRs; security-update PRs
    # are not counted against it.
    open-pull-requests-limit: 10
    reviewers:
      - "denshooter"
    assignees:
      - "denshooter"
    commit-message:
      prefix: "chore"
      include: "scope"       # e.g. "chore(deps): bump ..."
    labels:
      - "dependencies"
      - "security"

  # Enable version updates for GitHub Actions (bumps the action versions
  # pinned in .github/workflows/*.yml)
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "09:00"
    open-pull-requests-limit: 5
    reviewers:
      - "denshooter"
    assignees:
      - "denshooter"
    commit-message:
      prefix: "chore"
      include: "scope"
    labels:
      - "github-actions"
      - "security"
```
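The Trivy workflow that the commit message describes (secret and configuration scanning added alongside vulnerability scanning, with no GitHub Advanced Security) is not shown on this page. The block below is an added illustration of that setup, not the project's own workflow: a filesystem scan of the checked-out tree with the `vuln`, `secret` and `misconfig` scanners enabled, printed as a table and failing the job on HIGH/CRITICAL findings instead of uploading SARIF to code scanning. The file path, trigger branches, cron, pinned action version and severity threshold are assumptions.

```yaml
# .github/workflows/trivy.yml (assumed path; example workflow, not the project's file)
name: Trivy scan

on:
  push:
    branches: [main]
  pull_request:
  schedule:
    - cron: "0 6 * * 1"   # weekly re-scan so newly published CVEs are caught

# Least privilege: the job only reads the repository; nothing is written
# back and no code-scanning upload permission is needed.
permissions:
  contents: read

jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Filesystem scan of the working tree. "scanners" enables the three
      # checks the commit message lists: dependency vulnerabilities (lockfiles),
      # secrets (hard-coded credentials) and misconfigurations (Dockerfiles,
      # IaC, workflow files). Output goes to the job log as a table; nothing
      # is sent to GitHub code scanning, so no Advanced Security licence
      # is required.
      - name: Scan repository
        uses: aquasecurity/trivy-action@0.28.0   # assumed tag; pin to a commit SHA in practice
        with:
          scan-type: fs
          scan-ref: .
          scanners: vuln,secret,misconfig
          severity: CRITICAL,HIGH
          ignore-unfixed: true   # do not fail on findings that have no fixed version yet
          exit-code: "1"         # non-zero exit fails the job, so the PR check goes red
          format: table
```

Two caveats a practitioner should keep in mind. First, pin the action by commit SHA rather than tag; the `github-actions` entry in the dependabot.yml above will then open PRs to bump it. Second, Trivy's secret scanner inspects the files present in the working tree, and with the default shallow checkout it does not walk git history, so a credential that was committed and later deleted is not reported by this job.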