Merged
11 changes: 11 additions & 0 deletions .github/dependabot.yml
@@ -0,0 +1,11 @@
version: 2
updates:
# GitHub Actions — keeps the SHA-pinned actions current
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 5
groups:
actions:
patterns: ["*"]
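Review bot: The `groups: actions: patterns: ["*"]` block collapses every Actions bump into a single grouped PR, so a major-version bump (which can change an action's inputs or default behaviour) would ride along with routine patch bumps and get the same cursory review. If that is not intended, restrict the group with `update-types: ["minor", "patch"]` so majors arrive as their own PR. With one group, `open-pull-requests-limit: 5` is also mostly moot. Separately, this file only covers `github-actions`; if the repository has a Python requirements file, a second `package-ecosystem: "pip"` entry would keep those dependencies under the same weekly cadence.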
7 changes: 5 additions & 2 deletions .github/workflows/ci.yml
Expand Up @@ -5,13 +5,16 @@ on:
branches: [main]
pull_request:

permissions:
contents: read

jobs:
checks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

- uses: actions/setup-python@v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.11"
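Review bot: The trailing `# v4` and `# v5` comments on the pinned lines are what Dependabot reads to know which release each SHA corresponds to, so they should stay in that form; a full tag (`# v4.x.y`) in place of the major alone would let a reader verify the pin against the release page without resolving the commit. Before merging a SHA pin, confirm the commit actually belongs to the tag it claims, for example `git ls-remote https://github.com/actions/checkout v4` and compare the hash against `actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5`. The top-level `permissions: contents: read` in the unchanged context is the right default for this job.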

35 changes: 35 additions & 0 deletions .github/workflows/codeql.yml
@@ -0,0 +1,35 @@
name: CodeQL

on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: "27 3 * * 1" # weekly, Monday 03:27 UTC

permissions:
contents: read

jobs:
analyze:
name: Analyze (python)
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

- name: Initialize CodeQL
uses: github/codeql-action/init@dd903d2e4f5405488e5ef1422510ee31c8b32357 # v3
with:
languages: python
queries: security-extended

- name: Perform CodeQL analysis
uses: github/codeql-action/analyze@dd903d2e4f5405488e5ef1422510ee31c8b32357 # v3
with:
category: "/language:python"
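Review bot: The `init` and `analyze` steps are pinned to the same commit (`dd903d2e4f5405488e5ef1422510ee31c8b32357`), which they must remain; the two halves of `github/codeql-action` are not guaranteed to interoperate across versions, so keep both on one SHA and let the Dependabot group bump them together. The job-level `permissions` block correctly narrows the default to `security-events: write` plus `actions: read` and `contents: read`, leaving the top-level `contents: read` as the fallback for everything else. For an interpreted language like Python no build or `autobuild` step is needed between `init` and `analyze`, so the three-step layout is complete as written. A small documentation point: the scheduled run is documented inline (`# weekly, Monday 03:27 UTC`), but `queries: security-extended` is not; a one-line comment noting that it enables lower-precision queries beyond the default suite would save a future maintainer from dropping it as noise.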
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -3,6 +3,7 @@
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
[![Python](https://img.shields.io/badge/Python-3.11+-3776AB?logo=python&logoColor=white)](https://www.python.org/)
[![CI](https://github.com/Jott2121/bow/actions/workflows/ci.yml/badge.svg)](https://github.com/Jott2121/bow/actions/workflows/ci.yml)
[![CodeQL](https://github.com/Jott2121/bow/actions/workflows/codeql.yml/badge.svg)](https://github.com/Jott2121/bow/actions/workflows/codeql.yml)
[![private test suite](https://img.shields.io/badge/private%20test%20suite-382%20tests%20(June%202026)-informational.svg)](docs/CASE-STUDY.md)
[![built with](https://img.shields.io/badge/built%20with-Claude%20Opus%204.8-blueviolet.svg)](docs/FLEET-MODE.md)
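Review bot: The new CodeQL badge reads `codeql.yml/badge.svg` with no branch filter, so it reflects whichever run completed most recently, including runs triggered by `pull_request` on a feature branch; appending `?branch=main` to the badge URL (matching the existing CI badge, which has the same gap) keeps it reporting the default branch only.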

36 changes: 36 additions & 0 deletions SECURITY.md
@@ -0,0 +1,36 @@
# Security Policy

## Supported versions

This repository is a sanitized public case study and a small set of illustrative
code snippets. Fixes target the latest version on the `main` branch.

| Version | Supported |
| ---------------- | --------- |
| latest (`main`) | yes |
| older tags | no |

## Reporting a vulnerability

Please do not open a public issue for security vulnerabilities.

Report privately through GitHub's
[Report a vulnerability](https://github.com/Jott2121/bow/security/advisories/new)
flow (the repository's Security and Advisories tab). I aim to acknowledge reports
within 72 hours and to ship a fix or mitigation for confirmed issues as quickly
as is practical.

When reporting, please include:

- a description of the issue and its impact,
- steps to reproduce (a minimal proof of concept if possible), and
- any suggested remediation.

## Scope

The published snippets are illustrative (resilience, scheduling, single writer
dispatch). Findings of interest include unsafe file or process handling in the
snippets and supply chain risks in CI. This repository pins its GitHub Actions to
commit SHAs and runs CodeQL and Dependabot to reduce that surface.

Thanks for helping keep it solid.
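Review bot: The `Report a vulnerability` link only works once private vulnerability reporting is enabled for the repository (Settings, Code security, Private vulnerability reporting); without that, outside reporters are sent to a page they cannot use and will fall back to the public issue the policy asks them not to open. Worth confirming in the same PR, or adding a fallback contact to the "Reporting a vulnerability" section. The "Scope" paragraph describes what is in scope but not what is out of scope (for example, findings in third-party actions themselves rather than in how they are pinned); a short out-of-scope line avoids triage back-and-forth. The supported-versions table is consistent with the "Fixes target the latest version on the `main` branch" sentence.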