From 62b9cfbdb3f6a0ca839aa46e7d8d6361465af1f0 Mon Sep 17 00:00:00 2001
From: Mike Odnis <airwolf635@gmail.com>
Date: Tue, 14 Apr 2026 21:49:38 -0400
Subject: [PATCH] ci: wire org-wide security-scan + dependabot + CODEOWNERS

Standardization pass across public ResQ repos.

  .github/workflows/security.yml  Caller for the reusable security-scan
                                  workflow in resq-software/.github with
                                  languages=["csharp","actions"].

  .github/CODEOWNERS               Default owner.

Inherits CoC / Contributing / Security / Support / PR + issue templates
from resq-software/.github.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .github/CODEOWNERS             |  2 ++
 .github/workflows/security.yml | 27 +++++++++++++++++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 .github/CODEOWNERS
 create mode 100644 .github/workflows/security.yml

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..1a70074
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# Default owner for everything not matched by a more specific rule.
+*  @WomB0ComB0
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 0000000..2cef137
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,27 @@
+# Copyright 2026 ResQ Software
+# SPDX-License-Identifier: Apache-2.0
+#
+# Thin caller for the org-wide reusable security-scan workflow in
+# resq-software/.github.
+
+name: security
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+  schedule:
+    - cron: '17 6 * * 1'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  security-events: write
+  pull-requests: read
+
+jobs:
+  scan:
+    uses: resq-software/.github/.github/workflows/security-scan.yml@main
+    with:
+      languages: '["csharp","actions"]'
+    secrets: inherit