demo of using repo rules to enforce security checks
To ensure security scans are run, you can use a combination of:
- Reusable Workflows
- Repository Rulesets, and
- Required Status Checks, named with the job name in the calling workflow and the job name in the reusable workflow, separated by a space, a forward slash, and a space
  - For example: `security / security-checks`
- To ensure certain workflows aren't updated, use the CODEOWNERS file. Example: compliance-*.yml workflows are owned by the security team
- Use this script to push the workflow to selected repositories
- Link to my repo ruleset requiring this:
- Link to my repo ruleset blocking changes in repos to this workflow:
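The pair of workflows below is an added example (not from this repo) showing how the two job names combine into the required status check `security / security-checks`; the file paths, the reusable-workflow repo `example-org/security-workflows`, and the placeholder scan step are assumptions.

```yaml
# Added example: calling workflow, pushed to each protected repository.
# Assumed path: .github/workflows/compliance-security.yml
# The job name here ("security") is the first half of the status-check name.
name: compliance-security
on:
  pull_request:
  push:
    branches: [main]
permissions:
  contents: read
  security-events: write   # only needed if the reusable workflow uploads SARIF
jobs:
  security:
    # Assumed location of the reusable workflow; pin to a tag or commit SHA so a
    # protected repository cannot be pointed at an unreviewed version.
    uses: example-org/security-workflows/.github/workflows/security-checks.yml@v1
    secrets: inherit
---
# Added example: reusable workflow, kept in the central security-workflows repo.
# Assumed path: .github/workflows/security-checks.yml
# The job name here ("security-checks") is the second half of the status-check
# name, so the ruleset must require exactly "security / security-checks".
name: security-checks
on:
  workflow_call:
permissions:
  contents: read
  security-events: write
jobs:
  security-checks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run security scanner (placeholder for the team's chosen tool)
        run: echo "replace with the actual scan command"
```

If either job is renamed, the check name changes and the ruleset silently stops matching, so treat the two job names as part of the control and protect the calling workflow with the CODEOWNERS rule described above.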