
[Task] 🛠️ Security: Configure security analysis: Private Vuln Reporting | Dependabot #6

@iPoetDev


Task Topic

Other

Task Description

Configure repository security and analysis using GitHub Security Settings

Tasks

  • Private vulnerability reporting
  • Dependency graph
  • Automatic dependency submission
  • Dependabot
    • Dependabot alerts
      • Dependabot rules
    • Dependabot security updates
    • Grouped security updates
    • Dependabot version updates
    • Dependabot on Actions runners

Code scanning

Tools

  • CodeQL analysis
  • Other Tools
    • Add any third-party

Protection Rules

  • Security alert severity levels: High or Higher
  • Standard alert severity level: Only Errors

Secret scanning

  • Receive alerts on GitHub for detected secrets, keys, or other tokens.
  • Push protection: Block commits that contain supported secrets

Use Case

Outline: Security and analysis features help keep your repository secure and updated.

  • Enable these features to perform read-only analysis on your repository.

Additional Information
