scheiblingco · scheibling · May 20, 2023 · Jul 20, 2022 · May 20, 2023 · Sep 6, 2022
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,48 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '26 11 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/dev_testing.yml b/.github/workflows/dev_testing.yml
@@ -14,7 +14,7 @@ jobs:
       fail-fast: false
       matrix:
         python-version:
-          - "3.9"
+          - "3.10"
         os:
           - "ubuntu-latest"
           - "macOS-latest"

diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -18,17 +18,17 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v2
         with:
-          python-version: "3.9"
+          python-version: "3.10"
 
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
           pip install -r requirements.txt
-          pip install pylint pylint-report
+          pip install pylint pylint-report pylint-json2html
 
       - name: Run tests
         run: |
-          pylint src/sshkey_tools/ | pylint_report.py > report.html
+          pylint src/sshkey_tools --exit-zero | pylint-json2html -o report.html
 
       - name: Upload report
         uses: actions/upload-artifact@v1

diff --git a/.pylintrc b/.pylintrc
@@ -1,5 +1,2 @@
-[MASTER]
-load-plugins=pylint_report
-
 [REPORTS]
-output-format=pylint_report.CustomJsonReporter
+output-format=json
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+Only the latest version will be supported during the beta phase
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.9.x   | :white_check_mark: |
+
+
+## Reporting a Vulnerability
+
+If you find a vulnerability, feel free to send it in under Issues or send us a message here on GitHub. 
+Critical vulnerabilities will be sorted next-day, less critical next-weekday.