1
0
Fork 0
mirror of https://github.com/imjasonh/krust synced 2026-07-08 06:45:32 +00:00
Commit graph

1 commit

Author SHA1 Message Date
Jason Hall
bd515ce3e2
feat: Add supply chain security improvements
- Pin all GitHub Actions to specific commit SHAs for immutability
- Add cargo-audit job to CI pipeline for vulnerability scanning
- Create SECURITY.md with vulnerability reporting guidelines
- Add Dependabot configuration for automated dependency updates
  - Weekly updates for both Cargo and GitHub Actions
  - Grouped patch and minor updates for Cargo dependencies
- Update job dependencies to run security checks before integration tests

This improves the project's security posture by:
1. Preventing action hijacking through SHA pinning
2. Catching known vulnerabilities early with cargo-audit
3. Providing clear security reporting channels
4. Automating dependency updates to reduce security debt

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 00:48:19 -04:00