mirror of
https://github.com/imjasonh/krust
synced 2026-07-07 22:35:25 +00:00
- Pin all GitHub Actions to specific commit SHAs for immutability - Add cargo-audit job to CI pipeline for vulnerability scanning - Create SECURITY.md with vulnerability reporting guidelines - Add Dependabot configuration for automated dependency updates - Weekly updates for both Cargo and GitHub Actions - Grouped patch and minor updates for Cargo dependencies - Update job dependencies to run security checks before integration tests This improves the project's security posture by: 1. Preventing action hijacking through SHA pinning 2. Catching known vulnerabilities early with cargo-audit 3. Providing clear security reporting channels 4. Automating dependency updates to reduce security debt 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
46 lines
962 B
YAML
46 lines
962 B
YAML
version: 2
|
|
updates:
|
|
# Enable version updates for Rust dependencies
|
|
- package-ecosystem: "cargo"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "weekly"
|
|
day: "monday"
|
|
time: "08:00"
|
|
open-pull-requests-limit: 10
|
|
reviewers:
|
|
- "imjasonh"
|
|
labels:
|
|
- "dependencies"
|
|
- "rust"
|
|
commit-message:
|
|
prefix: "chore"
|
|
include: "scope"
|
|
groups:
|
|
patch-updates:
|
|
patterns:
|
|
- "*"
|
|
update-types:
|
|
- "patch"
|
|
minor-updates:
|
|
patterns:
|
|
- "*"
|
|
update-types:
|
|
- "minor"
|
|
|
|
# Enable version updates for GitHub Actions
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "weekly"
|
|
day: "monday"
|
|
time: "08:00"
|
|
open-pull-requests-limit: 5
|
|
reviewers:
|
|
- "imjasonh"
|
|
labels:
|
|
- "dependencies"
|
|
- "github-actions"
|
|
commit-message:
|
|
prefix: "chore"
|
|
include: "scope"
|