helyOSFramework / helyos_core

helyOS Core is a microservice and assignment orchestrator developed by the Fraunhofer IVI.
https://helyosframework.org

CVE: Enable code scanning, dependabot #50

Open SamiAlavi opened 1 month ago

SamiAlavi commented 1 month ago

CodeQL: https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning

Dependabot: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

SamiAlavi commented 1 month ago

Enabling CodeQL and Dependabot in Repository Settings

  1. Navigate to Settings > Code Security.
  2. Enable Dependency Graph.
  3. Under Dependabot, enable all available options.

To review potential issues, go to Security > Code Scanning.


Adding Labels to Pull Requests

  1. Go to the Pull Requests section of your repository.
  2. Add the following labels:
    • npm
    • helyos_dashboard
    • helyos_server
    • tests

Dependabot will automatically apply these labels to the pull requests it creates.

To monitor Dependabot issues, visit Security > Dependabot.
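
A `.github/dependabot.yml` that would apply the labels listed in the comment above, as an added example that is not part of the original comment or of the helyos_core repository. The `directory` values are placeholders for wherever each `package.json` lives, and the weekly schedule is an assumption; Dependabot only applies custom labels that already exist in the repository, which is why they are created first.

```yaml
# .github/dependabot.yml (added example, not the project's own file)
version: 2
updates:
  # Dashboard npm dependencies
  - package-ecosystem: "npm"
    directory: "/<DASHBOARD_DIR>"   # placeholder: folder containing the dashboard package.json
    schedule:
      interval: "weekly"            # assumed cadence
    labels:
      - "npm"
      - "helyos_dashboard"

  # Server npm dependencies
  - package-ecosystem: "npm"
    directory: "/<SERVER_DIR>"      # placeholder: folder containing the server package.json
    schedule:
      interval: "weekly"
    labels:
      - "npm"
      - "helyos_server"

  # Test-suite npm dependencies
  - package-ecosystem: "npm"
    directory: "/<TESTS_DIR>"       # placeholder: folder containing the tests package.json
    schedule:
      interval: "weekly"
    labels:
      - "npm"
      - "tests"
```

Setting `labels` replaces Dependabot's default labels for that entry, so each pull request carries exactly the labels listed for its directory.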