| https://github.com/apps/dco |
| Linting GitHub Actions workflow .yaml files: https://github.com/rhysd/actionlint |
| Example - ReadTheDocs webhook: https://docs.readthedocs.io/en/stable/integrations.html |
- Static analysis aka Static Application Security Testing (SAST)
| Example - CodeQL: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql |
| Example - Snyk: https://docs.snyk.io/integrations/git-repository-scm-integrations/github-integration |
- Software Composition Analysis (SCA) dependency scans
- And/or set up Dependabot in Settings/Security
| Dependabot: https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates |
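A minimal `.github/dependabot.yml` that turns on scheduled dependency-version updates for both the application packages and the pinned GitHub Actions themselves. This is an added, constructed example rather than a file from the page; the npm ecosystem and weekly schedule are assumptions. Security updates (the Settings/Security toggle mentioned above) are a separate switch; this file drives version updates so that the pull requests Dependabot opens keep dependencies current before a vulnerability is published.

```yaml
# File: .github/dependabot.yml  (constructed example, not from the page)
version: 2
updates:
  # Application dependencies; the ecosystem (npm) is an assumption for this example
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 5

  # The actions referenced in .github/workflows/*.yml are dependencies too:
  # keep their version tags current so a fixed action version is picked up
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

Commit the file to the default branch; Dependabot validates it and begins opening pull requests on the next scheduled run. Review those pull requests like any other code change, because a dependency bump is a change to what runs in CI and in production.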
- Note: use reusable GitHub Actions workflows to reduce the number of top-level checks
| https://docs.github.com/en/actions/using-workflows/reusing-workflows |
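An added example (not from the page) of the reusable-workflow pattern applied to the checks listed above: one callee workflow bundles workflow linting with actionlint and SAST with CodeQL, and the repository's CI workflow calls it as a single job. The file names, the `languages` input and the use of `go install` to obtain actionlint are assumptions for this example.

```yaml
# File: .github/workflows/security-checks.yml  (reusable callee; assumed path)
name: Security checks
on:
  workflow_call:
    inputs:
      languages:
        description: CodeQL languages to analyze (comma-separated)
        required: false
        type: string
        default: javascript
permissions:
  contents: read
  security-events: write   # required for CodeQL to upload its results
jobs:
  actionlint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: stable
      # Install actionlint from source; pin a release tag instead of @latest
      # once you have verified the version you want
      - run: go install github.com/rhysd/actionlint/cmd/actionlint@latest
      - name: Lint workflow files
        run: actionlint
  codeql:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ inputs.languages }}
      - uses: github/codeql-action/analyze@v3
---
# File: .github/workflows/ci.yml  (caller; one top-level check instead of two)
name: CI
on:
  pull_request:
  push:
    branches: [main]
jobs:
  security:
    uses: ./.github/workflows/security-checks.yml
    with:
      languages: javascript
    # The caller must grant at least the permissions the callee declares
    permissions:
      contents: read
      security-events: write
```

Because the caller exposes a single `security` job, the branch-protection rule needs only one required status check, and adding a new scanner later means editing the callee rather than every repository's top-level workflow. Keep the callee's `permissions` block minimal; the caller cannot grant more than it has itself, and the callee should not ask for more than CodeQL's result upload needs.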