diff --git a/dot_config/bagel/bagel.yaml b/dot_config/bagel/bagel.yaml new file mode 100644 index 000000000..520b51aaf --- /dev/null +++ b/dot_config/bagel/bagel.yaml @@ -0,0 +1,26 @@ +version: 1 +probes: + git: + enabled: true + ssh: + enabled: true + npm: + enabled: true + env: + enabled: true + shell_history: + enabled: true + cloud: + enabled: true + jetbrains: + enabled: true + gh: + enabled: true + ai_cli: + enabled: true +privacy: + redact_paths: [] + exclude_env_prefixes: [] +output: + include_file_hashes: false + include_file_content: false diff --git a/dot_config/mise/config.toml b/dot_config/mise/config.toml index 1f26cfadc..20601a9c6 100644 --- a/dot_config/mise/config.toml +++ b/dot_config/mise/config.toml @@ -15,6 +15,7 @@ ASDF_FFMPEG_ENABLE = "gpl libx264" "aqua:astral-sh/uv" = "0.11.7" "aqua:atuinsh/atuin" = "18.8.0" "aqua:bitwarden/clients" = "2025.9.0" +"aqua:boostsecurityio/bagel" = "0.6.1" "aqua:cli/cli" = "2.90.0" "aqua:dandavison/delta" = "0.19.2" "aqua:denisidoro/navi" = "2.23.0" @@ -211,3 +212,11 @@ run = "prettier --check '**/*.json'" [tasks.fix-json] description = "Run fix json files" run = "prettier --write '**/*.json'" + +[tasks.bagel-scan] +description = "Run bagel scan to inventory security-relevant metadata" +run = "bagel scan" + +[tasks.bagel-version] +description = "Show bagel version" +run = "bagel version" diff --git a/mise.toml b/mise.toml index 9bb71ee7d..3ded7edce 100644 --- a/mise.toml +++ b/mise.toml @@ -93,8 +93,17 @@ run = [ [tools] "aqua:rhysd/actionlint" = "1.7.12" +"aqua:boostsecurityio/bagel" = "0.6.1" "aqua:suzuki-shunsuke/ghalint" = "1.5.5" "aqua:suzuki-shunsuke/pinact" = "3.9.2" "aqua:tamasfe/taplo" = "0.10.0" "npm:prettier" = "3.8.1" "pipx:zizmor" = "1.23.1" + +[tasks.bagel-scan] +description = "Run bagel scan to inventory security-relevant metadata" +run = "bagel scan" + +[tasks.bagel-version] +description = "Show bagel version" +run = "bagel version"