NexGenStudioDev
diff --git a/‎.github/dependabot.yml‎
Lines changed: 42 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎.github/workflows/security-audit.yml‎
Lines changed: 44 additions & 0 deletions b/‎.github/workflows/security-audit.yml‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎.github/workflows/tauri-all-platforms.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/tauri-all-platforms.yml‎
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,42 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    groups:
+      tauri-plugins:
+        patterns:
+          - "@tauri-apps/*"
+      react-ecosystem:
+        patterns:
+          - "react"
+          - "react-dom"
+          - "react-*"
+          - "@types/react*"
+      dev-tooling:
+        patterns:
+          - "eslint*"
+          - "@eslint/*"
+          - "prettier*"
+          - "typescript*"
+          - "vite*"
+          - "@vitejs/*"
+          - "tailwindcss*"
+          - "@tailwindcss/*"
+
+  - package-ecosystem: "cargo"
+    directory: "/src-tauri"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 5
@@ -0,0 +1,44 @@
+name: Security Audit
+
+on:
+  push:
+    branches: [master, main]
+  pull_request:
+    branches: [master, main]
+  schedule:
+    - cron: "0 6 * * 1"
+
+permissions:
+  contents: read
+
+jobs:
+  npm-audit:
+    name: npm audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run npm audit (production)
+        run: npm audit --omit=dev --audit-level=high
+
+  cargo-audit:
+    name: cargo audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: dtolnay/rust-toolchain@stable
+
+      - name: Install cargo-audit
+        run: cargo install cargo-audit --locked
+
+      - name: Run cargo audit
+        run: cargo audit
+        working-directory: src-tauri
@@ -76,6 +76,9 @@ jobs:
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
+      - name: Security audit
+        run: npm audit --omit=dev --audit-level=high
+
       - name: Build and publish signed bundles
         uses: tauri-apps/tauri-action@v1
         env: