vbakke
diff --git a/‎.github/dependabot.yml‎
Lines changed: 15 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎.github/workflows/automerge.yaml‎
Lines changed: 27 additions & 0 deletions b/‎.github/workflows/automerge.yaml‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎.github/workflows/depoy.yml‎
Lines changed: 2 additions & 3 deletions b/‎.github/workflows/depoy.yml‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎.github/workflows/main.yml‎
Lines changed: 6 additions & 6 deletions b/‎.github/workflows/main.yml‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎.github/workflows/stale.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/stale.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.releaserc.json‎
Lines changed: 1 addition & 1 deletion b/‎.releaserc.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Dockerfile‎
Lines changed: 11 additions & 8 deletions b/‎Dockerfile‎
Lines changed: 11 additions & 8 deletions
diff --git a/‎README.md‎
Lines changed: 2 additions & 2 deletions b/‎README.md‎
Lines changed: 2 additions & 2 deletions
@@ -0,0 +1,15 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
@@ -0,0 +1,27 @@
+# name: Dependabot Auto-merge
+# on:
+#   pull_request:
+#     types: [opened, synchronize, reopened]
+
+# permissions:
+#   contents: write
+#   pull-requests: write
+
+# jobs:
+#   dependabot-automerge:
+#     runs-on: ubuntu-latest
+#     if: github.actor == 'dependabot[bot]'
+#     steps:
+#       - name: Dependabot metadata
+#         id: metadata
+#         uses: dependabot/fetch-metadata@v1
+#         with:
+#           github-token: "${{ secrets.GITHUB_TOKEN }}"
+      
+#       - name: Auto-merge minor and patch updates
+#         if: steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'
+#         run: |
+#           gh pr merge --auto --squash "$PR_URL"
+#         env:
+#           PR_URL: ${{ github.event.pull_request.html_url }}
+#           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -14,11 +14,10 @@ jobs:
       - name: "Set Heroku app & branch for ${{ github.ref }}"
         run: |
           echo $GITHUB_REF
-          if [ "$GITHUB_REF" == "refs/heads/master" ]; then
+          if [ "$GITHUB_REF" == "refs/heads/main" ]; then
             echo "HEROKU_APP=" >> $GITHUB_ENV
-            echo "HEROKU_BRANCH=master" >> $GITHUB_ENV
           fi
-          echo "HEROKU_BRANCH=master" >> $GITHUB_ENV
+          echo "HEROKU_BRANCH=main" >> $GITHUB_ENV
       - name: Install Heroku CLI
         run: |
           curl https://cli-assets.heroku.com/install.sh | sh 
 
@@ -2,7 +2,7 @@ name: CI
 
 on:
   push:
-    branches: [master]
+    branches: [main]
   workflow_dispatch:
   schedule:
     - cron: "0 7 * * *"
@@ -23,7 +23,7 @@ jobs:
       - name: Semantic Release
         uses: cycjimmy/semantic-release-action@v4
         with:
-          branch: 'master'
+          branch: 'main'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Get Semantic Release Version
@@ -61,19 +61,19 @@ jobs:
         env:
           GITHUB_TOKEN: ${{secrets.ACCESS_TOKEN}}
   heroku:
-    if: github.repository == 'devsecopsmaturitymodel/DevSecOps-MaturityModel' && github.event_name == 'push' && github.ref == 'refs/heads/master'
+    if: github.repository == 'devsecopsmaturitymodel/DevSecOps-MaturityModel' && github.event_name == 'push' && github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
     steps:
       - name: "Check out Git repository"
         uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0
       - name: "Set Heroku app & branch for ${{ github.ref }}"
         run: |
           echo $GITHUB_REF
-          if [ "$GITHUB_REF" == "refs/heads/master" ]; then
+          if [ "$GITHUB_REF" == "refs/heads/main" ]; then
             echo "HEROKU_APP=" >> $GITHUB_ENV
-            echo "HEROKU_BRANCH=master" >> $GITHUB_ENV
+            echo "HEROKU_BRANCH=main" >> $GITHUB_ENV
           fi
-          echo "HEROKU_BRANCH=master" >> $GITHUB_ENV
+          echo "HEROKU_BRANCH=main" >> $GITHUB_ENV
       - name: Install Heroku CLI
         run: |
           curl https://cli-assets.heroku.com/install.sh | sh 
 
@@ -17,7 +17,7 @@ jobs:
             recent activity. :calendar: It will be _closed automatically_ in two weeks if no further activity occurs.
           close-issue-message: This issue was closed because it has been stalled for 7 days with no activity.
           close-pr-message: This PR was closed because it has been stalled for 20 days with no activity.
-          days-before-stale: 20
+          days-before-stale: 35
           days-before-close: 7
           days-before-pr-close: 20
           exempt-issue-labels: 'critical,technical debt'
 
@@ -1,5 +1,5 @@
 {
-  "branch": "master",
+  "branch": "main",
   "plugins": [
     [
       "@semantic-release/commit-analyzer",
 
@@ -1,17 +1,20 @@
-FROM node:18.7-alpine AS build
+FROM node:24.7.0-alpine3.22 AS build
 
 WORKDIR /usr/src/app
 COPY package.json package-lock.json ./
-RUN apk add --upgrade python3 build-base \
- && npm install
+
+RUN apk add --upgrade python3 build-base py3-setuptools py3-pip && \
+    pip3 install setuptools \
+    && npm install
 COPY . .
-RUN npm run build
+RUN npm run build --configuration=production
+
 
-FROM wurstbrot/dsomm-yaml-generation as yaml
+FROM wurstbrot/dsomm-yaml-generation:1.16.0 AS yaml
 
-FROM caddy
-ENV PORT 8080
+FROM caddy:2.10.2
+ENV PORT=8080
 
 COPY Caddyfile /etc/caddy/Caddyfile
 COPY --from=build ["/usr/src/app/dist/dsomm/", "/srv"]
-COPY --from=yaml ["/var/www/html/src/assets/YAML/generated/generated.yaml", "/srv/assets/YAML/generated/generated.yaml"]
+COPY --from=yaml ["/var/www/html/src/assets/YAML/generated/generated.yaml", "/srv/assets/YAML/generated/generated.yaml"]
@@ -121,15 +121,15 @@ yarn build
 The definition of the activities are in the [data-repository](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data). 
 
 ## Teams and Groups
-To customize these teams, you can create your own [meta.yaml](src/assets/meta.yaml)  file with your unique team definitions.
+To customize these teams, you can create your own [meta.yaml](src/assets/YAML/meta.yaml)  file with your unique team definitions.
 
 Assessments within the framework can be based on either a team or a specific application, which can be referred to as the context. Depending on how you define the context or teams, you may want to group them together.
 
 Here are a couple of examples to illustrate this, in breakers the DSOMM word:
 - Multiple applications (teams) can belong to a single overarching team (application).
 - Multiple teams (teams) can belong to a larger department (group).
 
-Feel free to create your own [meta.yaml](src/assets/meta.yaml) file to tailor the framework to your specific needs and mount it in your environment (e.g. kubernetes or docker).
+Feel free to create your own [meta.yaml](src/assets/YAML/meta.yaml) file to tailor the framework to your specific needs and mount it in your environment (e.g. kubernetes or docker).
 Here is an example to start docker with customized meta.yaml:
 ```
 # Customized meta.yaml
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`		`- "branch": "master",`
	`2`	`+ "branch": "main",`
`3`	`3`	`"plugins": [`
`4`	`4`	`[`
`5`	`5`	`"@semantic-release/commit-analyzer",`