Decouples security scanning analysis and add FOSSA

[leordev]

• We are decoupling the security scanning to be able to run security checks on approved forks
• Plus, taking the opportunity to add FOSSA because we are assessing their security tooling and SBOMs generation

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[changeset-bot]

⚠️ No Changeset found

Latest commit: bb27f1e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[KendallWeihe]

👀

[KendallWeihe]

So we're doing both Snyk and FOSSA? There is overlap there, yeah? But I presume they both offer their own distinct value-adds

[leordev]

So we're doing both Snyk and FOSSA? There is overlap there, yeah? But I presume they both offer their own distinct value-adds

Yes! They overlap but we are experimenting both to decide which one to adopt, or either move on with both for having double security layers. FOSSA provides SBOMs and Rust, Snyk provides advanced static analysis... So we are playing with both things!