Commit Graph

3 Commits

Author SHA1 Message Date

Copilot
81be14e95e configure dependabot for bun ecosystem (#103)
Agent-Logs-Url: https://github.com/fuomag9/caddy-proxy-manager/sessions/169dafb8-7aec-48bd-b02d-f0cea1d14bf8

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: fuomag9 <1580624+fuomag9@users.noreply.github.com>
2026-04-16 01:12:33 +02:00

fuomag9
830e92127e Replace npm with bun in Dependabot config
Signed-off-by: fuomag9 <fuo@fuo.fi>
2026-04-03 13:50:48 +02:00

Claude
fdb9ca6786 Add comprehensive security enhancements to build pipeline
Security Improvements:
- Fork PR Protection: Builds from forks require manual 'safe-to-build' label approval
- Trivy Vulnerability Scanning: Scan all images for CRITICAL/HIGH vulnerabilities
- SHA-Pinned Actions: All GitHub Actions pinned to specific commits for supply chain security
- SBOM Generation: Generate Software Bill of Materials for all builds
- Provenance Attestation: Record build provenance for supply chain verification
- Security Events Upload: Upload scan results to GitHub Security tab
- Platform Optimization: Single-platform builds for PRs for faster feedback

Additional Security:
- Created SECURITY.md with vulnerability reporting process and security practices
- Added Dependabot configuration for automated dependency updates
- Limited permissions model (contents:read, packages:write, security-events:write)
- No registry push from PR builds (load-only for security scanning)

This addresses concerns about malicious PR builds by:
1. Requiring manual approval for fork PRs
2. Scanning all images before they could be pushed
3. Preventing PR builds from pushing to registry
4. Using verified, SHA-pinned actions
2025-11-04 21:29:01 +00:00