Skip to content

CI: security scanning (CodeQL + pip-audit/Dependabot + gitleaks) #9

Description

@wimaan3

Context

Automate security scanning in CI.

Acceptance criteria

  • CodeQL (Python) on PRs + main.
  • pip-audit + Dependabot config.
  • gitleaks secret scan on PRs.
  • Findings gate the build or are triaged.

Metadata

Metadata

Assignees

No one assigned

    Labels

    ciCI / build pipelinesecuritySecurity, threat-model, vulnerability

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions