wneessen/niljson
1
0
Fork 0
mirror of https://github.com/wneessen/niljson.git synced 2024-11-22 13:40:49 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
47 commits 2 branches 6 tags 349 KiB
Commit graph

10 commits

Author SHA1 Message Date
Winni Neessen
2848da6c7b
Merge pull request #15 from wneessen/dependabot/github_actions/step-security/harden-runner-2.10.1 
Bump step-security/harden-runner from 2.9.1 to 2.10.1
 2024-09-13 20:31:59 +02:00
Winni Neessen
cb0ddc90ce
Merge pull request #16 from wneessen/dependabot/github_actions/actions/setup-go-5.0.2 
Bump actions/setup-go from 4.1.0 to 5.0.2
 2024-09-13 20:31:48 +02:00
Winni Neessen
8b2121841f
Add SPDX license headers to workflow files 
Included appropriate SPDX headers to ensure clear licensing information in both CodeQL and Dependabot workflow files. This improves compliance and transparency across the repository.
 2024-09-13 20:30:57 +02:00
dependabot[bot]
667b3b2bd4
Bump actions/setup-go from 4.1.0 to 5.0.2 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.1.0 to 5.0.2.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4.1.0...0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-13 18:29:07 +00:00
dependabot[bot]
40f53eb9b9
Bump step-security/harden-runner from 2.9.1 to 2.10.1 
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.9.1 to 2.10.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/v2.9.1...91182cccc01eb5e619899d80e4e971d6181294a7)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-13 18:29:05 +00:00
StepSecurity Bot
f4d7b6b9df
[StepSecurity] Apply security best practices 
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
 2024-09-13 18:26:26 +00:00
Winni Neessen
10d77340d5
Add security workflows for code analysis 
This commit introduces three GitHub Actions workflows: `govulncheck`, `dependency-review`, and `scorecards`. These workflows enhance security by scanning for vulnerabilities, reviewing dependencies, and analyzing the supply-chain, respectively.
 2024-09-11 10:58:53 +02:00
Winni Neessen
926cfc9581
Fix Go version syntax in SonarQube workflow 
Corrected the Go version syntax from '1.23.x' to '1.23' in the SonarQube GitHub Action workflow configuration to ensure proper version setup. This change addresses potential issues with version resolution in the setup-go action.
 2024-09-11 10:22:51 +02:00
Winni Neessen
e557e4caac
Add SonarQube integration for code analysis 
Introduce a new SonarQube configuration to the project. This includes a GitHub action workflow for continuous integration on the main branch, setting up Go environment, running unit tests, and performing SonarQube analysis. This addition aims to ensure code quality and coverage are continuously monitored.
 2024-09-11 10:19:00 +02:00
Winni Neessen
03f6fd14d1
Initial checkin 2024-09-01 16:01:58 +02:00