scripts/new-post.mjs writes schema-valid posts from flags or a JSON event (the IaC publish seam). Gitea Actions workflow: ci check, audit-ci gate, build, dist scan, CycloneDX SBOM, buildah build+push, and a least-privilege digest-bump PR to home-ops (never auto-merged). Renovate + audit allowlist.
@@ -0,0 +1,9 @@
{
"$schema": "https://raw.githubusercontent.com/IBM/audit-ci/main/docs/schema.json",
"high": true,
"critical": true,
"report-type": "summary",
"allowlist": [
"GHSA-gv7w-rqvm-qjhr"
]
}
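Review bot: the allowlist entry "GHSA-gv7w-rqvm-qjhr" is suppressed for every dependency path and carries no recorded reason, owner or review date, so the gate will keep ignoring it even after a fixed version is available. Record why it is accepted (in the commit message or a linked issue, since this plain JSON file cannot hold a comment), and if only one transitive path is affected, scope the entry to that path instead of the bare advisory ID. Separately, "critical": true is redundant next to "high": true, because the high threshold already fails on critical findings; keeping a single threshold makes the gate's level unambiguous.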