Baptiste Gauduchon
Options to consider:
* With Dependabot: https://github.com/zenika-open-source/terraform-azure-cli/security/code-scanning
* Docker Bench Security: https://github.com/docker/docker-bench-security
* Anchore Engine GitHub Action: https://github.com/anchore/scan-action
* Clair: https://github.com/quay/clair
Using the create issue GitHub Action: https://github.com/marketplace/actions/create-an-issue
https://github.com/orgs/Zenika/projects/93
Pain in the ass to convert a project note to an issue (need a repository to create issues in).
Maybe each repository should have its own project?
Instead of saving images as artifacts in the workflow, use GitHub Packages (in addition to Docker Hub): https://docs.github.com/en/actions/publishing-packages-with-github-actions/about-packaging-with-github-actions
Choose one of the following:
* https://semver.org/
* https://calver.org/
* other?
- Create a CONTRIBUTING.md: https://docs.github.com/en/github/building-a-strong-community/setting-guidelines-for-repository-contributors
- Enable GitHub Actions on forked repositories: https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull-request-events-for-forked-repositories
Allow watching:
* GitHub Actions updates: https://github.blog/2020-06-25-dependabot-now-updates-your-actions-workflows/
* Docker dependencies

Available package ecosystems: https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem
Configuration: https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates