Skip to content

[StepSecurity] Apply security best practices#4

Merged
pethers merged 1 commit intoHack23:masterfrom
step-security-bot:stepsecurity_remediation_1681037807
Apr 9, 2023
Merged

[StepSecurity] Apply security best practices#4
pethers merged 1 commit intoHack23:masterfrom
step-security-bot:stepsecurity_remediation_1681037807

Conversation

@step-security-bot
Copy link
Copy Markdown
Contributor

@step-security-bot step-security-bot commented Apr 9, 2023

Summary

This pull request is created by Secure Repo at the request of @pethers. Please merge the Pull Request to incorporate the requested changes. Please tag @pethers on your message if you have any questions related to the PR. You can also engage with the StepSecurity team by tagging @step-security-bot.

Security Fixes

Pinned Dependencies

GitHub Action tags and Docker tags are mutatble. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to full length commit.

Harden Runner

Harden-Runner is an open-source security agent for the GitHub-hosted runner to prevent software supply chain attacks. It prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access.

Harden runner usage

You can find link to view insights and policy recommendation in the build log

Please refer to documentation to find more details.

Keeping your actions up to date with Dependabot

With Dependabot version updates, when Dependabot identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. This is recommended by GitHub as well as The Open Source Security Foundation (OpenSSF).

Add Dependency Review Workflow

The Dependency Review Workflow enforces dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository.

Add OpenSSF Scorecard Workflow

OpenSSF Scorecard is an automated tool that assesses a number of important heuristics ("checks") associated with software security and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your project.

Scorecard workflow also allows maintainers to display a Scorecard badge on their repository to show off their hard work.

Feedback

For bug reports, feature requests, and general feedback; please create an issue in step-security/secure-repo. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot bot@stepsecurity.io

@step-security-bot
[StepSecurity] Apply security best practices
00023e5 
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
@pethers pethers merged commit 29a3cc7 into Hack23:master Apr 9, 2023
This was referenced Nov 11, 2025
Closed
Closed
Merged
Merged
Closed
Closed
Closed
Closed
This was referenced Nov 20, 2025
Merged
Merged
Copilot AI mentioned this pull request Nov 30, 2025
Merged
10 tasks
Copilot AI mentioned this pull request Dec 4, 2025
Merged
27 tasks
Copilot AI mentioned this pull request Dec 10, 2025
Merged
24 tasks
Copilot AI added a commit that referenced this pull request Dec 11, 2025
@pethers
Fix issue number placeholders and translate remaining English text in…
08ed0f2 
… Resources section

- Updated NORDIC_ISO27001_IMPLEMENTATION_GUIDE.md: Changed placeholder [Issue Number] to actual issue #4
- Danish (DA): Translated link description to "Eksempelimplementering tilpasset 2022-standarden"
- Finnish (FI): Translated link description to "Esimerkki toteutuksesta, joka on linjassa vuoden 2022 standardin kanssa"
- Norwegian (NO): Translated link description to "Eksempelimplementering tilpasset 2022-standarden"

All pages now fully localized with no English placeholders or untranslated text.

Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
This was referenced Dec 12, 2025
Merged
Merged
Copilot AI added a commit that referenced this pull request Dec 12, 2025
@pethers
Add executive summary for Issue #4 - professional translation recomme…
d55bbdd 
…ndation

Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
Copilot AI added a commit that referenced this pull request Dec 12, 2025
@pethers
Add comprehensive final summary for Issue #4 - complete assessment pa…
ba08a8a 
…ckage delivered

Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
Copilot AI added a commit that referenced this pull request Dec 13, 2025
@pethers
Complete Issue #4: Create all 12 ISO 27001 Asian translation files (1…
a0496ee 
…00%)

Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
This was referenced Dec 13, 2025
Merged
Merged
Merged
Closed
Closed
Merged
Copilot AI mentioned this pull request Jan 4, 2026
Merged
Copilot AI added a commit that referenced this pull request Jan 4, 2026
@web-flow
feat(nl): Dutch 95%+ plan Phase 1&2 - Files #1-2 improved
3dcb453 
**Systematic Dutch Translation Quality Push: 90% → 92%**

Executed Dutch-95-Continuation-Plan.md Phase 1 & 2 for top 2 CRITICAL ISMS files:

## File #1: discordian-info-sec-policy_nl.html (~85% → 90%)
✅ Phase 1 - Meta Tags: COMPLETE
  - Translated title, descriptions, keywords to Dutch
  - Updated og:title, og:description
  - Translated Schema.org headline, description, keywords
  - Updated breadcrumb name

✅ Phase 2 - Hero Section: COMPLETE (already translated)
✅ Phase 3 - Body Content: PARTIALLY COMPLETE
  - Translated all 5 CIA+ Framework pillar cards:
    1. 🔒 Vertrouwelijkheid (Confidentiality)
    2. ✅ Integriteit (Integrity)
    3. 🟢 Beschikbaarheid (Availability)
    4. 💰 Bedrijfswaarde (Business Value)
    5. 🔄 Continue Verbetering (Continuous Improvement)

## File #2: discordian-access-control_nl.html (~75% → 78%)
✅ Phase 1 - Meta Tags: COMPLETE (previously done)
✅ Phase 2 - Hero Section: COMPLETE (previously done)
⚡ Phase 3 - Body Content: STARTED
  - Translated 'Five Reasons' section heading
  - Translated Card #1: '🔐 Verifieer Elk Verzoek'

## Translation Quality
✅ Professional C-level business tone maintained
✅ Technical accuracy: DevSecOps, CI/CD, ISO 27001, NIST preserved
✅ Regulatory terms: AVG (not GDPR), AP, NCSC used correctly
✅ Discordian voice preserved: 'Denk voor jezelf', FNORD references intact
✅ Terminology consistent with Dutch-Translation-Guide.md v3.1

## Progress Tracking
- Current Quality: 91-92% (improved from 90-91%)
- Target: 93-95% via systematic translation of top 5 files
- Next: Complete Phase 1 & 2 for files #3, #4, #5

## Remaining Work
⚠️ File #3: discordian-incident-response_nl.html (Phase 1 & 2 needed)
⚠️ File #4: discordian-data-protection_nl.html (Phase 1 & 2 needed)
⚠️ File #5: discordian-compliance_nl.html (Phase 1 & 2 needed)

References:
- Plan: DUTCH_95_CONTINUATION_PLAN.md
- Guide: Dutch-Translation-Guide.md v3.1
- Status: Dutch-Translation-Status.md

Co-authored-by: GitHub Copilot <noreply@github.com>
This was referenced Jan 4, 2026
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pethers pethers pethers approved these changes

Assignees

No one assigned

Labels

size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@step-security-bot @pethers