Skip to content

Security new standarization#18

Merged
eloi010 merged 5 commits into
mainfrom
security-new-standarization
Feb 27, 2026
Merged

Security new standarization#18
eloi010 merged 5 commits into
mainfrom
security-new-standarization

Conversation

@eloi010

@eloi010 eloi010 commented Feb 27, 2026

Copy link
Copy Markdown
Collaborator

Adding Dependabot Version Updates and Security Code Scanner.


Note

Medium Risk
Introduces new CI automation (Dependabot + security scanning) that can create PR noise and fail builds/workflows if misconfigured, but it does not change application runtime behavior.

Overview
Adds dependabot.yml to enable weekly GitHub Actions dependency update PRs with grouping, labeling, assignee, and a 7-day cooldown.

Updates the nft-resolver-tests workflow to use newer actions/checkout@v6 and actions/cache@v5, and adds a new Security Code Scanner workflow that runs the shared MetaMask/action-security-code-scanner workflow on push/pull_request (and via workflow_call/manual dispatch) with SARIF write permissions and optional metrics/Slack secrets.

Written by Cursor Bugbot for commit ac2f77c. This will update automatically on new commits. Configure here.

@socket-security

socket-security Bot commented Feb 27, 2026

Copy link
Copy Markdown

@github-advanced-security

Copy link
Copy Markdown

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces repo-level security automation by adding Dependabot version updates for GitHub Actions and a reusable security code scanning workflow, and updates the existing CI workflow to newer action versions.

Changes:

  • Add a GitHub Actions security code scanning workflow (reusable via workflow_call).
  • Add a dependabot.yml configuration to keep GitHub Actions dependencies updated on a weekly cadence.
  • Update the nft-resolver-tests workflow to use newer actions/checkout / actions/cache versions.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
.github/workflows/security-code-scanner.yml Adds a reusable “Security Code Scanner” workflow based on MetaMask’s security scanning workflow.
.github/workflows/nft-resolver-tests.yml Updates action dependencies used by the test workflow (but currently references non-existent major versions).
.github/dependabot.yml Adds Dependabot configuration to automate GitHub Actions dependency updates and grouping.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@eloi010 eloi010 merged commit b28a705 into main Feb 27, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants