feat(gh): add default GitHub repo files

Author: ruzickap

.checkov.yml

@@ -0,0 +1,3 @@
+skip-check:
+  # The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty
+  - CKV_GHA_7

.github/workflows/mega-linter.yml

@@ -33,6 +33,7 @@ jobs:
             # Extract:   ```bash ... ```
             sed -n "/^  \`\`\`\(bash\|shell\)$/,/^  \`\`\`$/p" "${FILE}" | sed '/^  ```*/d; s/^  //' >> README.sh
           done
+          ls -la README.sh
           chmod a+x README.sh
 
       - name: 💡 MegaLinter

.lycheeignore

@@ -1 +1 @@
-.*.mylabs.dev
+mylabs.dev

.mega-linter.yml

@@ -1,7 +1,7 @@
 # Configuration file for MegaLinter
 # See all available variables at https://megalinter.io/latest/configuration/ and in linters documentation
 
-BASH_SHFMT_ARGUMENTS: --indent 2 --space-redirects
+BASH_SHFMT_ARGUMENTS: --case-indent --indent 2 --space-redirects
 
 DISABLE_LINTERS:
   - MARKDOWN_MARKDOWN_LINK_CHECK # Using lychee instead
@@ -26,9 +26,7 @@ PRINT_ALPACA: false
 # Disable creating report directory
 REPORT_OUTPUT_FOLDER: none
 
-# Issue: https://github.com/bridgecrewio/checkov/issues/3839
-# The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty
-REPOSITORY_CHECKOV_ARGUMENTS: --skip-check CKV_GHA_7
+REPOSITORY_CHECKOV_ARGUMENTS: --quiet
 
 # Do not leave debug code in production, Insecure URL
 REPOSITORY_DEVSKIM_ARGUMENTS: --ignore-globs CHANGELOG.md --ignore-rule-ids DS162092,DS137138

.trivyignore.yaml

@@ -1,13 +1,15 @@
 vulnerabilities:
-  # │ glob-parent  │ CVE-2020-28469 │ HIGH     │ fixed  │ 3.1.0             │ 5.1.2         │ Regular expression denial of service                        │
+  # │ glob-parent  │ CVE-2020-28469 │ HIGH     │ fixed    │ 3.1.0             │ 5.1.2         │ Regular expression denial of service                        │
   - id: CVE-2020-28469
-  # │ json5        │ CVE-2022-46175 │ HIGH     │ fixed  │ 0.5.1             │ 2.2.2, 1.0.2  │ json5: Prototype Pollution in JSON5 via Parse Method        │
+  # │ json5        │ CVE-2022-46175 │ HIGH     │ fixed    │ 0.5.1             │ 2.2.2, 1.0.2  │ json5: Prototype Pollution in JSON5 via Parse Method        │
   - id: CVE-2022-46175
-  # │ loader-utils │ CVE-2022-37601 │ CRITICAL │ fixed  │ 0.2.17            │ 2.0.3, 1.4.1  │ loader-utils: prototype pollution in function parseQuery in │
+  # │ loader-utils │ CVE-2022-37601 │ CRITICAL │ fixed    │ 0.2.17            │ 2.0.3, 1.4.1  │ loader-utils: prototype pollution in function parseQuery in │
   - id: CVE-2022-37601
-  # │ node-forge   │ CVE-2022-24771 │ HIGH     │ fixed  │ 0.10.0            │ 1.3.0         │ node-forge: Signature verification leniency in checking     │
+  # │ node-forge   │ CVE-2022-24771 │ HIGH     │ fixed    │ 0.10.0            │ 1.3.0         │ node-forge: Signature verification leniency in checking     │
   - id: CVE-2022-24771
-  # │ node-forge   │ CVE-2022-24772 │ HIGH     │ fixed  │ 0.10.0            │ 1.3.0         │ node-forge: Signature verification failing to check tailing │
+  # │ node-forge   │ CVE-2022-24772 │ HIGH     │ fixed    │ 0.10.0            │ 1.3.0         │ node-forge: Signature verification failing to check tailing │
   - id: CVE-2022-24772
-  # │ nth-check    │ CVE-2021-3803  │ HIGH     │ fixed  │ 1.0.2             │ 2.0.1         │ inefficient regular expression complexity                   │
+  # │ nth-check    │ CVE-2021-3803  │ HIGH     │ fixed    │ 1.0.2             │ 2.0.1         │ inefficient regular expression complexity                   │
   - id: CVE-2021-3803
+  # | ip           │ CVE-2023-42282 │ HIGH     │ affected │ 1.1.8             │               │ An issue in NPM IP Package v.1.1.8 and before allows an     │
+  - id: CVE-2023-42282