Commit graph

3 commits

Author SHA1 Message Date
dependabot[bot]
227ddf2d05
Bump golang/govulncheck-action from 1.0.3 to 1.0.4
Bumps [golang/govulncheck-action](https://github.com/golang/govulncheck-action) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/golang/govulncheck-action/releases)
- [Commits](dd0578b371...b625fbe08f)

---
updated-dependencies:
- dependency-name: golang/govulncheck-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-02 00:46:22 +00:00
dependabot[bot]
40f53eb9b9
Bump step-security/harden-runner from 2.9.1 to 2.10.1
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.9.1 to 2.10.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/v2.9.1...91182cccc01eb5e619899d80e4e971d6181294a7)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-13 18:29:05 +00:00
10d77340d5
Add security workflows for code analysis
This commit introduces three GitHub Actions workflows: `govulncheck`, `dependency-review`, and `scorecards`. These workflows enhance security by scanning for vulnerabilities, reviewing dependencies, and analyzing the supply-chain, respectively.
2024-09-11 10:58:53 +02:00