demo of using repo rules to enforce seurity checks
To ensure security scans are ran, you can use a combination of:
- Reusable Workflows
- Repository Rulesets, and
- Required Status Checks, with the name of the job in the calling workflow and the name of the job in the reusable workflow separated by a space, forward slash, space
- For example:
security / security-checks
- For example:
- To ensure certain workflows aren’t updated, use the Codeowners file Example: compliance-*.yml workflows are owned by the security team
- Use this script to push workflow to selected repositories https://github.com/joshjohanning/github-misc-scripts/blob/main/gh-cli/add-workflow-file-to-repositories.sh