-
Notifications
You must be signed in to change notification settings - Fork 0
Pipeline Automation
Jack Edwards edited this page Apr 3, 2026
·
8 revisions
This repository uses several tools to scan code, commits and dependencies. These are primarily driven through the use of PR checks and deployment runs using GitHub actions.
The aim is to use free and open source tools wherever possible to detect bugs, vulnerabilities and codesmells as early as possible before any changes are merged to main.
If you wish to contribute, please read the contributing.md file in the repository for details on what tooling you will need to make sure your PRs will merge successfully.
This is a list of tooling used by this repository to find vulnerabilities & bugs.
- PR checks are not currently set to fail if a vulnerability is found, please review your PR scans before requesting a review.
- Unfixed vulnerabilities of medium severity or higher must be justified to a PR reviewer before merging
| Capability | Tool |
|---|---|
| Automated dependency updates | Renovate |
| Code Bugs | CodeQL semgrep |
| Dependency Vulnerabilities | Snyk |
| Container Vulnerabiltiies | Grype Scout Trivy |