docs(security): sync .bestpractices.json to live passing state (drop vestigial _url keys) #260
security.yml
on: pull_request
OSV-Scanner (SCA)
6s
Trivy (filesystem + container scan)
8s
Semgrep (SAST)
22s
Gitleaks (secret scan)
7s
jscpd (duplication < 3% on touched code)
37s
SBOM (SPDX + CycloneDX)
25s
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
sbom
|
60 KB |
sha256:94f988953e995cefda8984d378034cb69767f65602b681ec69e67b8498e36095
|
|