[Build] Setup Dependabot and CodeQL for SecOps

ciesin-geospatial / TOPSTSCHOOL-SPHINX

TOPST SCHOOL Sphinx Documentation

Creative Commons Zero v1.0 Universal

3 stars 0 forks source link

Open xames3 opened 1 month ago

xames3 commented 1 month ago

this issue is more or less housekeeping involved and can be worked alongside the setting up actions workflow issue. the obvious deliverables for successful closure of this issue would be:
- [ ] setting up a dependabot workflow for keeping the repository and requirements up-to-date with proper security vulnerabilities check.

ideally, it should be taken up alongside the workflows issue.

xames3 commented 3 weeks ago

codeQL has been enabled. although the repository doesn't consist any relevant code to scan through, I've still added the codeQL as a safeguarding option.
have also enabled checking for any secrets on push. this can certainly avoid spoilers.