30 commits

Author	SHA1	Message	Date
dependabot[bot]	73dd2cfae9	Bump github/codeql-action from 3.26.10 to 3.26.11 ... Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.10 to 3.26.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](e2b3eafc8d...6db8d6351f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-10-04 01:11:06 +00:00
Winni Neessen	9fc59f0cab	Merge pull request #28 from wneessen/dependabot/github_actions/golang/govulncheck-action-1.0.4 ... Bump golang/govulncheck-action from 1.0.3 to 1.0.4	2024-10-02 09:03:40 +02:00
dependabot[bot]	2c47cc79d7	Bump codecov/codecov-action from 4.5.0 to 4.6.0 ... Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.5.0 to 4.6.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](e28ff129e5...b9fd7d16f6) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2024-10-02 00:46:25 +00:00
dependabot[bot]	227ddf2d05	Bump golang/govulncheck-action from 1.0.3 to 1.0.4 ... Bumps [golang/govulncheck-action](https://github.com/golang/govulncheck-action) from 1.0.3 to 1.0.4. - [Release notes](https://github.com/golang/govulncheck-action/releases) - [Commits](dd0578b371...b625fbe08f) --- updated-dependencies: - dependency-name: golang/govulncheck-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-10-02 00:46:22 +00:00
dependabot[bot]	590afd0176	Bump github/codeql-action from 3.26.9 to 3.26.10 ... Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.9 to 3.26.10. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](461ef6c76d...e2b3eafc8d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-10-01 00:29:10 +00:00
Winni Neessen	b64310d8dc	Merge pull request #25 from wneessen/dependabot/github_actions/sonarsource/sonarqube-scan-action-884b79409bbd464b2a59edc326a4b77dc56b2195 ... Bump sonarsource/sonarqube-scan-action from f885e52a7572cf7943f28637e75730227df2dbf2 to 884b79409bbd464b2a59edc326a4b77dc56b2195	2024-09-25 09:23:20 +02:00
dependabot[bot]	5ac4195794	Bump github/codeql-action from 3.26.8 to 3.26.9 ... Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.8 to 3.26.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](294a9d9291...461ef6c76d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-25 01:07:50 +00:00
dependabot[bot]	be3c36e2b7	Bump sonarsource/sonarqube-scan-action ... Bumps [sonarsource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from f885e52a7572cf7943f28637e75730227df2dbf2 to 884b79409bbd464b2a59edc326a4b77dc56b2195. - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](f885e52a75...884b79409b) --- updated-dependencies: - dependency-name: sonarsource/sonarqube-scan-action dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-25 01:07:42 +00:00
Winni Neessen	03292ed215	Merge pull request #23 from wneessen/dependabot/github_actions/github/codeql-action-3.26.8 ... Bump github/codeql-action from 3.26.7 to 3.26.8	2024-09-20 09:15:32 +02:00
dependabot[bot]	8af84294dc	Bump sonarsource/sonarqube-scan-action ... Bumps [sonarsource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 2af7c4bea3abd8c236b5edb80998f31374896f09 to f885e52a7572cf7943f28637e75730227df2dbf2. - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](2af7c4bea3...f885e52a75) --- updated-dependencies: - dependency-name: sonarsource/sonarqube-scan-action dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-20 01:05:07 +00:00
dependabot[bot]	315cb2f506	Bump github/codeql-action from 3.26.7 to 3.26.8 ... Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.7 to 3.26.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](8214744c54...294a9d9291) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-20 01:05:04 +00:00
Winni Neessen	b0b7b07a8a	Set permissions to read for workflow ... Add 'contents: read' permissions to the GitHub Actions workflow configuration. This change enhances security by only allowing read access to the repository contents.	2024-09-16 09:56:04 +02:00
Winni Neessen	f2f653eeb6	Merge pull request #17 from wneessen/dependabot/github_actions/github/codeql-action-3.26.7 ... Bump github/codeql-action from 3.26.6 to 3.26.7	2024-09-13 20:33:58 +02:00
Winni Neessen	7559b1e956	Merge pull request #12 from wneessen/dependabot/github_actions/fsfe/reuse-action-4.0.0 ... Bump fsfe/reuse-action from 1.3.0 to 4.0.0	2024-09-13 20:32:33 +02:00
dependabot[bot]	b1e14a709b	Bump github/codeql-action from 3.26.6 to 3.26.7 ... Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.6 to 3.26.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.26.6...8214744c546c1e5c8f03dde8fab3a7353211988d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-13 18:32:22 +00:00
Winni Neessen	a74296b2d2	Merge pull request #13 from wneessen/dependabot/github_actions/codecov/codecov-action-4.5.0 ... Bump codecov/codecov-action from 3.1.6 to 4.5.0	2024-09-13 20:32:20 +02:00
Winni Neessen	7140fed74b	Merge pull request #14 from wneessen/dependabot/github_actions/golangci/golangci-lint-action-6.1.0 ... Bump golangci/golangci-lint-action from 3.7.0 to 6.1.0	2024-09-13 20:32:10 +02:00
Winni Neessen	2848da6c7b	Merge pull request #15 from wneessen/dependabot/github_actions/step-security/harden-runner-2.10.1 ... Bump step-security/harden-runner from 2.9.1 to 2.10.1	2024-09-13 20:31:59 +02:00
Winni Neessen	cb0ddc90ce	Merge pull request #16 from wneessen/dependabot/github_actions/actions/setup-go-5.0.2 ... Bump actions/setup-go from 4.1.0 to 5.0.2	2024-09-13 20:31:48 +02:00
Winni Neessen	8b2121841f	Add SPDX license headers to workflow files ... Included appropriate SPDX headers to ensure clear licensing information in both CodeQL and Dependabot workflow files. This improves compliance and transparency across the repository.	2024-09-13 20:30:57 +02:00
dependabot[bot]	667b3b2bd4	Bump actions/setup-go from 4.1.0 to 5.0.2 ... Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.1.0 to 5.0.2. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v4.1.0...0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-13 18:29:07 +00:00
dependabot[bot]	40f53eb9b9	Bump step-security/harden-runner from 2.9.1 to 2.10.1 ... Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.9.1 to 2.10.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/v2.9.1...91182cccc01eb5e619899d80e4e971d6181294a7) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-13 18:29:05 +00:00
dependabot[bot]	1dc4e10279	Bump golangci/golangci-lint-action from 3.7.0 to 6.1.0 ... Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 6.1.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](3a91952989...aaa42aa062) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-13 18:29:02 +00:00
dependabot[bot]	e2b9383c6e	Bump codecov/codecov-action from 3.1.6 to 4.5.0 ... Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.6 to 4.5.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](ab904c41d6...e28ff129e5) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-13 18:28:59 +00:00
dependabot[bot]	9fb780b0a4	Bump fsfe/reuse-action from 1.3.0 to 4.0.0 ... Bumps [fsfe/reuse-action](https://github.com/fsfe/reuse-action) from 1.3.0 to 4.0.0. - [Release notes](https://github.com/fsfe/reuse-action/releases) - [Commits](28cf8f33bc...3ae3c6bdf1) --- updated-dependencies: - dependency-name: fsfe/reuse-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-13 18:28:57 +00:00
StepSecurity Bot	f4d7b6b9df	[StepSecurity] Apply security best practices ... Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>	2024-09-13 18:26:26 +00:00
Winni Neessen	10d77340d5	Add security workflows for code analysis ... This commit introduces three GitHub Actions workflows: `govulncheck`, `dependency-review`, and `scorecards`. These workflows enhance security by scanning for vulnerabilities, reviewing dependencies, and analyzing the supply-chain, respectively.	2024-09-11 10:58:53 +02:00
Winni Neessen	926cfc9581	Fix Go version syntax in SonarQube workflow ... Corrected the Go version syntax from '1.23.x' to '1.23' in the SonarQube GitHub Action workflow configuration to ensure proper version setup. This change addresses potential issues with version resolution in the setup-go action.	2024-09-11 10:22:51 +02:00
Winni Neessen	e557e4caac	Add SonarQube integration for code analysis ... Introduce a new SonarQube configuration to the project. This includes a GitHub action workflow for continuous integration on the main branch, setting up Go environment, running unit tests, and performing SonarQube analysis. This addition aims to ensure code quality and coverage are continuously monitored.	2024-09-11 10:19:00 +02:00
Winni Neessen	03f6fd14d1	Initial checkin	2024-09-01 16:01:58 +02:00