Application security in CI

This issue tracks the rollout of application security in CI.

Requires workflow updates:

* [x] Dependabot Version updates
* [x] dependency review
* [x] OpenSSF scorecard and best practices (badges in README)
* [x] release artifact attestation
* [x] release SBOMs
* [ ] ~coverage, if possible (badge in README)~ Only integration tests available.
* [x] code linters

Requires repository config updates, after workflows updates are merged:

* [ ] Dependabot Alerts
* [ ] Dependabot Security updates
* [ ] CodeQL
* [ ] secret scanning and push protection
* [ ] private vulnerability reporting

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Application security in CI #68

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Application security in CI #68

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions