A curated collection of secure, production-ready CI/CD templates and GitHub Actions workflows. Accelerate your DevOps setup with built-in security scanning, artifact signing, and best practices.
- Container vulnerability scanning with Trivy
- Cosign keyless signing for supply chain security
- SBOM generation and compliance checks
- Security gates and policy enforcement
Copy-paste ready templates for:
- Secure container builds and signing
- Kubernetes deployments
- Multi-architecture builds
- Security scanning pipelines
your-username/your-project/
βββ .github/workflows/
β βββ ci.yml # β Create this file
βββ src/
βββ Dockerfile
βββ package.jsonname: π CI/CD Pipeline
on: [push]
jobs:
build-and-scan:
uses: cooler-SAI/devops-templates/.github/workflows/secure-container.yml@main
with:
image-name: your-app-name
docker-context: .