Borg/.github/dependabot.yml at a98202797c5b15e2291474b3803dd430d64353b2 - Snider/Borg - Forgejo: Beyond coding. We Forge.

Snider/Borg

google-labs-jules[bot] b86e0c3e8e feat: Harden CI/CD pipeline security

This commit hardens the CI/CD pipeline by addressing several security
vulnerabilities.

- Replaces the manual release process with `goreleaser` to streamline
  builds and enable artifact signing.
- Pins all GitHub Actions to specific commit hashes to prevent supply
  chain attacks.
- Enables cryptographic signing of release artifacts using `cosign` and
  Sigstore's keyless signing.
- Adds a Dependabot configuration to automate dependency updates.
- Removes excessive `contents: write` permissions from workflows.
- Creates an `AUDIT-CICD.md` file to document the audit findings and
  remediation steps.

Co-authored-by: Snider <631881+Snider@users.noreply.github.com>

2026-02-02 01:24:12 +00:00

7 lines

144 B

YAML

Raw Blame History

 # Enable Dependabot for Go modules
 version: 2
 updates:
   - package-ecosystem: "gomod"
     directory: "/"
     schedule:
       interval: "weekly"