QuantumNous/new-api
1
23.9k
Fork 0
mirror of https://github.com/QuantumNous/new-api.git synced 2026-03-31 05:02:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
new-api/.github
History
CaIon a5e20269dd security: harden Docker and release CI workflows 
- Pin all GitHub Actions to commit SHA to prevent supply chain attacks
- Enable SLSA provenance attestation (mode=max) and SBOM generation
- Add cosign keyless signing for Docker images via GitHub OIDC
- Capture and output image digests to GitHub Job Summary
- Pin Dockerfile base images to digest (bun:1, golang:1.26.1-alpine, debian:bookworm-slim)
- Add SHA256 checksum generation for binary releases (Linux/macOS/Windows)
- Update actions/checkout v3->v4, actions/setup-go v3->v5 in release.yml
2026-03-24 23:56:15 +08:00
..
ISSUE_TEMPLATE
feat: remove unnecessary section for screenshots in bug report templates
2026-03-14 15:50:42 +08:00
PULL_REQUEST_TEMPLATE
chore: refine PR template
2026-03-17 17:34:21 +08:00
workflows
security: harden Docker and release CI workflows
2026-03-24 23:56:15 +08:00
CODE_OF_CONDUCT.md
feat: add CODE_OF_CONDUCT and SECURITY.md files for community guidelines and vulnerability reporting
2026-01-26 20:37:50 +08:00
SECURITY.md
Add link to GitHub Security Advisories for reporting
2026-01-26 20:43:12 +08:00