Research stricter github actions to integrate in our workflows

[xmonader]

check also on typescript repo https://github.com/microsoft/TypeScript/tree/main/.github

also check the marketplace please https://github.com/marketplace

[Mahmoud-Emad]

Could you please provide some extra details?

[zaelgohary]

I found some workflows that might be useful.

typos-action

codecov

yarn-lock-changes

AI-code-review

[samaradel]

some suggestions to discuss (updated):

• github-checks
• opencommit-improve-commits-with-ai
• cache
• release-drafter
• create-pull-request
• release-please-action
• sentry-release
• dependency-review
• trufflehog-oss
• pull-request-title-rules

[samaradel]

Work in Progress (WIP):

openAI workflow integrated, need more strict workflows

[xmonader]

I'm suggesting integration of

commitcheck codacy snyk

or similar as well

[samaradel]

I'm suggesting integration of

commitcheck codacy snyk

or similar as well

I had the same suggestions but it turns out it's apps, not workflows

[khaledyoussef24]

how can we verify this ?

[samaradel]

how can we verify this?

@AhmedHanafy725 can you help, please

[khaledyoussef24]

verified the usage of snyk(security tool) and it is added to the work flows code scanning is working effectively

automatic issue creation for Security Issues Detected Server-side Request Forgery

Use of a Broken or Weak Cryptographic Algorithm

Missing Rate Limiting

Use of Password Hash with Insufficient Computational Effort

Clear Text Storage of Sensitive Information