security.json
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"description": "Presets that harden security for shared GitHub Action Workflows",
"packageRules": [
{
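"description": "Pin `github-action` digests, as per GitHub's [security best practice](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions). Actions whose names start with a prefix listed in `excludePackagePrefixes` are not pinned by this rule.",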
"dependencyDashboardApproval": true,
"excludePackagePrefixes": [
"actions/",
"github/",
"google-github-actions/",
"pnpm/"
],
"groupName": null,
"matchDepTypes": ["action"],
"pinDigests": true,
"schedule": []
},
{
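"description": "GitHub has forked the tibdex/github-app-token workflow and has vowed to maintain it and uphold strict security best practices: https://github.com/tibdex/github-app-token/issues/99#issuecomment-1787602874 (the replacement is referenced by the `v1` tag, not a digest; the `actions/` prefix is excluded from the digest-pinning rule in this preset)",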
"matchDepTypes": ["action"],
"matchPackageNames": ["tibdex/github-app-token"],
"replacementName": "actions/create-github-app-token",
"replacementVersion": "v1"
}
]
}