Centralized security workflows: CodeQL analysis, Octoscan, and permissions auditing for all repositories
- CodeQL Analysis - Automated code security scanning for GitHub Actions
- Zizmor - GitHub Actions workflow vulnerability detection
- Octoscan - GitHub Actions workflow vulnerability detection
- Permissions Advisor - Workflow permissions optimization and least-privilege enforcement
- How to use it
- Summary of GitHub best practices
- CodeQL query help for GitHub Actions https://codeql.github.com/codeql-query-help/actions/
- How to resolve issues
- How to configure CodeQL to scan a repo's code
- Exclusion reasons:
- unpinned-tag => because if you use a commit SHA instead of a version tag, we got API errors because
Releases are managed by Semantic release.
Each commit must follow the Conventional commits specification.
To release a new version, go to the Release version workflow and click the Run workflow button.
A new release and tag will be created according to the last commits.
To add a new major version, run the New major version workflow.
- fix: a commit of the type fix patches a bug in your codebase
- feat: a commit of the type feat introduces a new feature to the codebase
- BREAKING CHANGE: a commit that has a footer BREAKING CHANGE:, or appends a ! after the type/scope, introduces a breaking API change
- Types other than fix: and feat: are allowed; for example, @commitlint/config-conventional (based on the Angular convention) recommends build:, chore:, ci:, docs:, style:, refactor:, perf:, test:, and others.
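As an added illustration (not this repository's code, and not semantic-release itself), the following script parses Conventional Commits messages and derives the release bump the way semantic-release does by default. The default mapping it assumes (fix -> patch, feat -> minor, BREAKING CHANGE or `!` -> major, all other types -> no release) is not spelled out on this page; the sample commit messages are constructed.

```javascript
// Added example, not the project's own code: compute the semantic-release bump from
// Conventional Commits messages. Assumes semantic-release's default rules (not stated on
// the page): fix -> patch, feat -> minor, "!" or a BREAKING CHANGE footer -> major,
// any other type (chore:, ci:, docs:, ...) -> no release.
const HEADER_RE = /^(?<type>[a-z]+)(\((?<scope>[^)]*)\))?(?<bang>!)?: (?<subject>.+)$/;

// Parse one commit message; returns null if the header is not Conventional Commits.
function parseCommit(message) {
  const [header, ...rest] = message.trim().split('\n');
  const m = HEADER_RE.exec(header);
  if (!m) return null;
  // The footer "BREAKING CHANGE:" (or "BREAKING-CHANGE:") marks a breaking change too.
  const footer = rest.some(line => /^BREAKING[ -]CHANGE:/.test(line.trim()));
  const { type, scope = null, bang, subject } = m.groups;
  return { type, scope, subject, breaking: Boolean(bang) || footer };
}

const RANK = { none: 0, patch: 1, minor: 2, major: 3 };

// Highest bump implied by the commits since the last tag: 'major'|'minor'|'patch'|'none'.
function releaseType(messages) {
  let best = 'none';
  for (const msg of messages) {
    const c = parseCommit(msg);
    if (!c) continue;                       // non-conventional commits never trigger a release
    const level = c.breaking ? 'major' : c.type === 'feat' ? 'minor' : c.type === 'fix' ? 'patch' : 'none';
    if (RANK[level] > RANK[best]) best = level;
  }
  return best;
}

// Apply the bump to a "MAJOR.MINOR.PATCH" tag (a leading "v" is accepted and preserved).
function nextVersion(current, bump) {
  const v = current.startsWith('v') ? current.slice(1) : current;
  let [major, minor, patch] = v.split('.').map(Number);
  if (bump === 'major') { major += 1; minor = 0; patch = 0; }
  else if (bump === 'minor') { minor += 1; patch = 0; }
  else if (bump === 'patch') { patch += 1; }
  return (current.startsWith('v') ? 'v' : '') + `${major}.${minor}.${patch}`;
}

// Constructed sample commits since tag v1.4.2 (not real history).
const sampleCommits = [
  'ci: pin third-party actions to commit SHAs',
  'fix(codeql): exclude vendored directories from the scan',
  'feat(permissions): flag jobs that request write-all',
];
console.log(releaseType(sampleCommits), nextVersion('v1.4.2', releaseType(sampleCommits))); // minor v1.5.0
```

A commit whose header does not follow the convention is silently skipped, which is why the commitlint rule above matters: a mistyped type never triggers a release.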