feat(gh): add default GitHub repo files

Author: ruzickap

.checkov.yml

@@ -0,0 +1,7 @@
+skip-path:
+  - files
+  - terraform
+
+skip-check:
+  # The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty
+  - CKV_GHA_7

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,10 +1,9 @@
 ---
 name: Bug report
 about: Create a report to help us improve
-title: 'Bug: This is a sample issue title'
+title: "Bug: This is a sample issue title"
 labels: bug
 assignees: ruzickap
-
 ---
 
 **Describe the bug**

.github/ISSUE_TEMPLATE/proposal.md

@@ -1,10 +1,9 @@
 ---
 name: Proposal
 about: Suggest an idea for this project
-title: 'Proposal: This is a sample title'
+title: "Proposal: This is a sample title"
 labels: proposal
 assignees: ruzickap
-
 ---
 
 **Is your feature request related to a problem? Please describe**

.github/renovate.json5

@@ -13,6 +13,10 @@
   "git-submodules": {
     enabled: true,
   },
+  ignorePaths: [
+    // Ignore Terraform files
+    "terraform/**",
+  ],
   labels: [
     "renovate",
     "renovate/{{replace '.*/' '' depName}}",

.github/workflows/mega-linter.yml

@@ -12,6 +12,7 @@ permissions: read-all
 jobs:
   mega-linter:
     runs-on: ubuntu-latest
+    timeout-minutes: 30
     steps:
       - name: Checkout Code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -33,10 +34,11 @@ jobs:
             # Extract:   ```bash ... ```
             sed -n "/^  \`\`\`\(bash\|shell\)$/,/^  \`\`\`$/p" "${FILE}" | sed '/^  ```*/d; s/^  //' >> README.sh
           done
+          ls -la README.sh
           chmod a+x README.sh
 
       - name: 💡 MegaLinter
-        uses: oxsecurity/megalinter@688bc7466d7ab4faa83d614c2e6f9acf42b674dc # v7.8.0
+        uses: oxsecurity/megalinter@190cd0dad6dc52b2de5b810e3b290c3d6bdcc0f2 # v7.9.0
         env:
           GITHUB_COMMENT_REPORTER: false
           GITHUB_STATUS_REPORTER: true

.github/workflows/stale.yml

@@ -3,7 +3,7 @@ name: stale
 
 on:
   schedule:
-    - cron: "30 1 * * *"
+    - cron: "9 9 * * *"
 
 permissions:
   issues: write

.mega-linter.yml

@@ -1,7 +1,7 @@
 # Configuration file for MegaLinter
 # See all available variables at https://megalinter.io/latest/configuration/ and in linters documentation
 
-BASH_SHFMT_ARGUMENTS: --indent 2 --space-redirects
+BASH_SHFMT_ARGUMENTS: --case-indent --indent 2 --space-redirects
 
 DISABLE_LINTERS:
   - MARKDOWN_MARKDOWN_LINK_CHECK # Using lychee instead
@@ -26,9 +26,7 @@ PRINT_ALPACA: false
 # Disable creating report directory
 REPORT_OUTPUT_FOLDER: none
 
-# Issue: https://github.com/bridgecrewio/checkov/issues/3839
-# The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty
-REPOSITORY_CHECKOV_ARGUMENTS: --skip-check CKV_GHA_7
+REPOSITORY_CHECKOV_ARGUMENTS: --quiet
 
 # Do not leave debug code in production, Insecure URL
 REPOSITORY_DEVSKIM_ARGUMENTS: --ignore-globs CHANGELOG.md --ignore-rule-ids DS162092,DS137138

.trivyignore.yaml

@@ -1,13 +1,17 @@
 vulnerabilities:
-  # │ glob-parent  │ CVE-2020-28469 │ HIGH     │ fixed  │ 3.1.0             │ 5.1.2         │ Regular expression denial of service                        │
+  # │ glob-parent   │ CVE-2020-28469 │ HIGH     │ fixed    │ 3.1.0             │ 5.1.2               │ Regular expression denial of service                        │
   - id: CVE-2020-28469
-  # │ json5        │ CVE-2022-46175 │ HIGH     │ fixed  │ 0.5.1             │ 2.2.2, 1.0.2  │ json5: Prototype Pollution in JSON5 via Parse Method        │
+  # │ json5         │ CVE-2022-46175 │ HIGH     │ fixed    │ 0.5.1             │ 2.2.2, 1.0.2        │ json5: Prototype Pollution in JSON5 via Parse Method        │
   - id: CVE-2022-46175
-  # │ loader-utils │ CVE-2022-37601 │ CRITICAL │ fixed  │ 0.2.17            │ 2.0.3, 1.4.1  │ loader-utils: prototype pollution in function parseQuery in │
+  # │ loader-utils  │ CVE-2022-37601 │ CRITICAL │ fixed    │ 0.2.17            │ 2.0.3, 1.4.1        │ loader-utils: prototype pollution in function parseQuery in │
   - id: CVE-2022-37601
-  # │ node-forge   │ CVE-2022-24771 │ HIGH     │ fixed  │ 0.10.0            │ 1.3.0         │ node-forge: Signature verification leniency in checking     │
+  # │ node-forge    │ CVE-2022-24771 │ HIGH     │ fixed    │ 0.10.0            │ 1.3.0               │ node-forge: Signature verification leniency in checking     │
   - id: CVE-2022-24771
-  # │ node-forge   │ CVE-2022-24772 │ HIGH     │ fixed  │ 0.10.0            │ 1.3.0         │ node-forge: Signature verification failing to check tailing │
+  # │ node-forge    │ CVE-2022-24772 │ HIGH     │ fixed    │ 0.10.0            │ 1.3.0               │ node-forge: Signature verification failing to check tailing │
   - id: CVE-2022-24772
-  # │ nth-check    │ CVE-2021-3803  │ HIGH     │ fixed  │ 1.0.2             │ 2.0.1         │ inefficient regular expression complexity                   │
+  # │ nth-check     │ CVE-2021-3803  │ HIGH     │ fixed    │ 1.0.2             │ 2.0.1               │ inefficient regular expression complexity                   │
   - id: CVE-2021-3803
+  # | ip            │ CVE-2023-42282 │ HIGH     │ affected │ 1.1.8             │                     │ An issue in NPM IP Package v.1.1.8 and before allows an     │
+  - id: CVE-2023-42282
+  # │ normalize-url │ CVE-2021-33502 │ HIGH     │ fixed    │ 4.5.0             │ 4.5.1, 5.3.1, 6.0.1 │ ReDoS for data URLs                                         │
+  - id: CVE-2021-33502