Feat: COM-3415 Prepare the project for conversion to open source

.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+- package-ecosystem: "npm"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+    time: "08:00"
+    timezone: "Europe/Moscow"
+  open-pull-requests-limit: 10
+  target-branch: "dependabot-update"

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,27 @@
+name: 'CodeQL'
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [master]
+  schedule:
+    - cron: '40 3 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: typescript
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1

.github/workflows/deploy.yml

@@ -23,11 +23,11 @@ jobs:
 
       - name: Install dependencies
         working-directory: csssr_images
-        run: npm ci
+        run: yarn install --frozen-lockfile
 
       - name: Build
         working-directory: csssr_images
-        run: npm run build-example
+        run: yarn run build-example
         env:
           HOST: http://master.csssr-images.csssr.cloud
           IMGPROXY_HOST: https://images.csssr.com

SECURITY.md

@@ -8,6 +8,6 @@
 
 ## Reporting a Vulnerability
 
-Please report (suspected) security vulnerabilities to [email protected]. Use https://github.com/qtm.gpg to encrypt your message.
+Please report (suspected) security vulnerabilities to [email protected]. Use https://github.com/qtm.gpg to encrypt your message if required.
 You will receive a response from us when we get to the issue. If the issue is confirmed, we will release a patch as soon as possible depending on complexity.
 Thank you!