Refactor workflow triggers in CodeQL, Dependency Review, and Security Pipeline YAML files

timothywarner · timothywarner · commit 2f2e718387d7 · 2025-12-05T20:39:10.000-06:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -5,7 +5,6 @@
 
 name: CodeQL
 
-on:
   push:
     branches: [main]
   pull_request:
@@ -14,6 +13,7 @@ on:
     - cron: '0 0 * * 0'
   workflow_dispatch:
 
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -2,10 +2,10 @@
 # ==================
 # Scans pull requests for dependency changes and alerts on known vulnerabilities
 # Documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review
-
 name: Dependency Review
 
 on:
+
   pull_request:
     branches: [main, develop]
   workflow_dispatch:
diff --git a/.github/workflows/security-pipeline.yml b/.github/workflows/security-pipeline.yml
@@ -3,7 +3,6 @@
 # Comprehensive security scanning for the GitHub Copilot Cybersecurity course
 # Course: GitHub Copilot for Cybersecurity Specialists
 #
-# Features:
 # - Secret detection (TruffleHog, GitLeaks)
 # - Dependency scanning (npm audit, Snyk)
 # - SAST (CodeQL, Semgrep)
@@ -18,6 +17,7 @@ on:
     branches: [main, develop]
   pull_request:
     branches: [main]
+
   schedule:
     # Run security scans daily at 6 AM UTC
     - cron: '0 6 * * *'
