1
0
Fork 0
mirror of https://github.com/imjasonh/krust synced 2026-07-08 06:45:32 +00:00
krust/.github
Jason Hall bd515ce3e2
feat: Add supply chain security improvements
- Pin all GitHub Actions to specific commit SHAs for immutability
- Add cargo-audit job to CI pipeline for vulnerability scanning
- Create SECURITY.md with vulnerability reporting guidelines
- Add Dependabot configuration for automated dependency updates
  - Weekly updates for both Cargo and GitHub Actions
  - Grouped patch and minor updates for Cargo dependencies
- Update job dependencies to run security checks before integration tests

This improves the project's security posture by:
1. Preventing action hijacking through SHA pinning
2. Catching known vulnerabilities early with cargo-audit
3. Providing clear security reporting channels
4. Automating dependency updates to reduce security debt

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 00:48:19 -04:00
..
workflows feat: Add supply chain security improvements 2025-06-08 00:48:19 -04:00
dependabot.yml feat: Add supply chain security improvements 2025-06-08 00:48:19 -04:00