chore(work): finish 06-codeql-and-audit-signatures

2026-05-14 19:56:40 +02:00
parent 63b3cb0c10
commit 2f57003b55
2 changed files with 10 additions and 19 deletions


@@ -3,7 +3,7 @@ id: 06-codeql-and-audit-signatures
epic: 2026-05-14-ci-security-and-supply-chain
title: CodeQL workflow + pnpm audit signatures
type: technical-story
status: in-progress
status: done
feature: tooling
depends-on: []
blocks: [08-reviewer-prompt-update]
@@ -37,4 +37,4 @@ Add two baseline GitHub-native gates: (1) a `pnpm audit signatures --audit-level
## Tasks
- [x] Add `pnpm audit signatures --audit-level=high` as a step in `ci.yml`'s `validate` job; one commit, all gates pass.
- [ ] Create `.github/workflows/codeql.yml` (language: `javascript-typescript`; triggers: push to main, pull_request, weekly schedule Wednesday 02:00 UTC; default queries; consumer note about GitHub Advanced Security requirement for private repos); one commit, all gates pass.
- [x] Create `.github/workflows/codeql.yml` (language: `javascript-typescript`; triggers: push to main, pull_request, weekly schedule Wednesday 02:00 UTC; default queries; consumer note about GitHub Advanced Security requirement for private repos); one commit, all gates pass.


@@ -1,5 +1,5 @@
{
"updated_at": "2026-05-14T17:54:43.702Z",
"updated_at": "2026-05-14T17:56:41.640Z",
"epics": {
"2026-05-13-binder-wrap-helper": {
"status": "done",
@@ -100,10 +100,10 @@
]
},
"06-codeql-and-audit-signatures": {
"status": "in-progress",
"status": "done",
"title": "CodeQL workflow + pnpm audit signatures",
"ac_total": 2,
"ac_completed": 1,
"ac_completed": 2,
"depends_on": [],
"blocks": [
"08-reviewer-prompt-update"
@@ -260,13 +260,13 @@
"ready": [
{
"epic": "2026-05-14-ci-security-and-supply-chain",
"story": "06-codeql-and-audit-signatures",
"title": "CodeQL workflow + pnpm audit signatures"
"story": "07-gitleaks-precommit",
"title": "Gitleaks pre-commit hook"
},
{
"epic": "2026-05-14-ci-security-and-supply-chain",
"story": "07-gitleaks-precommit",
"title": "Gitleaks pre-commit hook"
"story": "08-reviewer-prompt-update",
"title": "Sandcastle reviewer prompt update"
},
{
"epic": "2026-05-14-ci-security-and-supply-chain",
@@ -274,15 +274,6 @@
"title": "CI security guide + CLAUDE.md"
}
],
"blocked": [
{
"epic": "2026-05-14-ci-security-and-supply-chain",
"story": "08-reviewer-prompt-update",
"title": "Sandcastle reviewer prompt update",
"waiting_on": [
"2026-05-14-ci-security-and-supply-chain/06-codeql-and-audit-signatures"
]
}
],
"blocked": [],
"needs_prd_ship": []
}