Add scheduled security scan workflow

2026-05-03 22:01:41 +02:00
parent a218e338bd
commit 6308417945
8 changed files with 241 additions and 1 deletions
--- a/existing-project.md
+++ b/existing-project.md
@@ -120,6 +120,8 @@ If CI does not exist:
 - remove stack-specific steps that do not apply,
 - keep publishing disabled until credentials and artifact names are known.

+For releasable projects, add `.gitea/workflows/security-scan.yml` unless the repository already has equivalent scheduled security automation. If an existing scanner is present, document it in `.codex/project.md` instead of duplicating it.
+
 ### 6. Security Review

 Fill `docs/security-review.md` with known facts.