Merged
8 changes: 8 additions & 0 deletions .github/CODEOWNERS
@@ -0,0 +1,8 @@
# Default owner for everything not matched by a more specific rule.
* @WomB0ComB0
medium

For organization-level repositories, it is a best practice to assign teams as code owners rather than individual users. This ensures that the responsibility for code reviews is shared and avoids bottlenecks if an individual is unavailable or leaves the organization. Consider replacing @WomB0ComB0 with a relevant team, such as @resq-software/maintainers.


# Installer + canonical git hooks — the blast-radius surface.
/install.sh @WomB0ComB0
/install.ps1 @WomB0ComB0
/scripts/ @WomB0ComB0
/.github/workflows/ @WomB0ComB0
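Review bot: the blast-radius list ending at `/.github/workflows/ @WomB0ComB0` leaves `/.github/CODEOWNERS` itself and `/.github/dependabot.yml` covered only by the `*` default. Every rule here names the same owner, so this changes nothing today, but if the default owner is later widened, edits to the ownership file would fall to that wider group. Consider adding `/.github/CODEOWNERS @WomB0ComB0` (or `/.github/ @WomB0ComB0`) to the list.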
high

The pull request title and description mention adding a security scan via .github/workflows/security.yml, but this file is missing from the current changes. Please include the workflow file to complete the implementation of the security scan integration as described.

18 changes: 18 additions & 0 deletions .github/dependabot.yml
@@ -0,0 +1,18 @@
# Copyright 2026 ResQ Software
# SPDX-License-Identifier: Apache-2.0
#
# Weekly dependency updates, grouped to keep PR noise low.

version: 2
updates:
- package-ecosystem: github-actions
directory: /
schedule:
interval: weekly
day: monday
time: "06:17"
groups:
actions:
patterns: ["*"]
labels: [chore, deps]
open-pull-requests-limit: 5
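Review bot: `time: "06:17"` in the `schedule` block has no `timezone` key, so Dependabot reads it as UTC; add `timezone:` if a local time was meant, or say in the header comment that UTC is intended. The `labels: [chore, deps]` entry also assumes both labels already exist in the repository, which is worth confirming before merge.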
28 changes: 28 additions & 0 deletions .github/workflows/security.yml
@@ -0,0 +1,28 @@
# Copyright 2026 ResQ Software
# SPDX-License-Identifier: Apache-2.0
#
# Thin caller for the org-wide reusable security-scan workflow in
# resq-software/.github. Update the `languages` list to match this repo's
# primary code; everything else inherits.

name: security

on:
push:
branches: [main]
pull_request:
schedule:
- cron: '17 6 * * 1'
workflow_dispatch:

permissions:
contents: read
security-events: write
pull-requests: read

jobs:
scan:
uses: resq-software/.github/.github/workflows/security-scan.yml@main
with:
languages: '["actions"]'
secrets: inherit
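Review bot: the `uses: resq-software/.github/.github/workflows/security-scan.yml@main` line tracks a mutable branch, so any push to that branch changes what runs here with `security-events: write`; pin it to a full commit SHA (or a protected tag). `secrets: inherit` on the same job hands every secret available to this repository to the called workflow, including on the `pull_request` trigger; pass only the named secrets the scan needs, or drop the line if it needs none.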