From d0eea1c3f3e21c3b58819fb250050de1aa0d44a5 Mon Sep 17 00:00:00 2001 From: "stepsecurity-app[bot]" <188008098+stepsecurity-app[bot]@users.noreply.github.com> Date: Thu, 28 May 2026 06:26:06 +0000 Subject: [PATCH] [StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot --- .github/dependabot.yml | 51 +++++++++++++++++++++++++++++++++++++++++ .pre-commit-config.yaml | 8 +++++++ 2 files changed, 59 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..4aa22c0 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,51 @@ +version: 2 +updates: + - package-ecosystem: pip + directory: /Reports/top-vulns-report + schedule: + interval: daily + groups: + dev-dependencies: + applies-to: version-updates + patterns: + - '*' + dependency-type: development + production-dependencies: + applies-to: version-updates + patterns: + - '*' + dependency-type: production + cooldown: + default-days: 7 + semver-major-days: 30 + semver-minor-days: 14 + semver-patch-days: 5 + include: + - '*' + exclude: + - react + + - package-ecosystem: pip + directory: / + schedule: + interval: daily + groups: + dev-dependencies: + applies-to: version-updates + patterns: + - '*' + dependency-type: development + production-dependencies: + applies-to: version-updates + patterns: + - '*' + dependency-type: production + cooldown: + default-days: 7 + semver-major-days: 30 + semver-minor-days: 14 + semver-patch-days: 5 + include: + - '*' + exclude: + - react diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 13c1265..6f84def 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -5,3 +5,11 @@ repos: - id: nbstripout files: \.ipynb$ exclude: \.ipynb_checkpoints/.* + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.3 + hooks: + - id: gitleaks + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.4.0 + hooks: + - id: end-of-file-fixer