This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/comdev.git
from 64416aa Remove desktop notification.
add 34bfcc9 security: harden supply chain and add vulnerability reporting policy
new 9aa6384 Merge pull request #4 from potiuk/security-hardening
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
 .github/dependabot.yml                  | 44 +++++++++++++++++++++++++++++
 .github/workflows/codeql.yml            | 44 +++++++++++++++++++++++++++++
 .github/workflows/dependency-review.yml | 29 +++++++++++++++++++
 .github/workflows/scorecard.yml         | 46 ++++++++++++++++++++++++++++++
 .github/workflows/zizmor.yml            | 34 ++++++++++++++++++++++
 SECURITY.md                             | 50 +++++++++++++++++++++++++++++++++
6 files changed, 247 insertions(+)
create mode 100644 .github/dependabot.yml
create mode 100644 .github/workflows/codeql.yml
create mode 100644 .github/workflows/dependency-review.yml
create mode 100644 .github/workflows/scorecard.yml
create mode 100644 .github/workflows/zizmor.yml
create mode 100644 SECURITY.md