Org-wide governance, reusable workflows, templates, and security policy for SZL Holdings.
| Path | Purpose |
|---|---|
profile/README.md |
Org profile shown at https://github.com/szl-holdings |
.github/ISSUE_TEMPLATE/ |
Default issue templates cascaded to every repo without its own |
.github/PULL_REQUEST_TEMPLATE.md |
Default PR template |
.github/workflows/ |
11 reusable workflows — see WORKFLOWS.md |
.github/dependabot.yml |
Weekly dependency updates for this repo |
.github/CODEOWNERS |
Org-default ownership |
templates/ |
Copy-paste templates for product repos (README, CONTRIBUTING, CODE_OF_CONDUCT, SECURITY) |
security.txt |
RFC 9116 disclosure record (canonical copy; deploy under /.well-known/security.txt) |
SECURITY.md · CONTRIBUTING.md · CODE_OF_CONDUCT.md · SUPPORT.md |
Org-default community docs |
CITATION.cff |
Citation metadata |
assets/social/ |
1280×640 social-preview banners ready for upload via Settings → General → Social preview |
Eleven SHA-pinned, harden-runner-protected workflows that every product repo can call:
jobs:
codeql:
uses: szl-holdings/.github/.github/workflows/reusable-codeql.yml@<commit-sha>| Workflow | What it does |
|---|---|
reusable-codeql.yml |
CodeQL static analysis (JS, TS, Python) |
reusable-dependency-review.yml |
Block PRs that introduce vulnerable deps |
reusable-trivy.yml |
Filesystem + container vuln scanning |
reusable-gitleaks.yml |
Secret scanning on every PR / push |
reusable-secret-scan.yml |
TruffleHog-style verified-secret scan |
reusable-sbom.yml |
CycloneDX SBOM per release |
reusable-scorecard.yml |
OpenSSF Scorecard re-run + badge publish |
reusable-workflow-lint.yml |
actionlint + zizmor lint on all workflows |
reusable-release-please.yml |
Conventional-commits release automation |
reusable-node-ci.yml |
Node lint + typecheck + test matrix |
reusable-docs-ci.yml |
Markdown lint + link-check for docs repos |
All Actions are SHA-pinned and wrapped with step-security/harden-runner using a deny-by-default egress policy. See WORKFLOWS.md for inputs, secrets, and per-workflow examples.
- Private vulnerability reporting: security policy
- Email:
security@szlholdings.com - Canonical RFC 9116 record:
security.txt - Org-wide: branch protection rulesets, signed-commit enforcement, CODEOWNERS, OpenSSF Scorecard
- Live status: 0 open Dependabot · 0 open secret-scanning · 0 open CodeQL
- Conventional Commits (
feat:,fix:,chore:,docs:,ci:,refactor:,test:) - Squash-merge into
main; release automation handled byrelease-please - All PRs run reusable security suite before merge
Apache-2.0 for this repo. Product repos under SZL Holdings may use different licenses — see each repo's LICENSE.
© 2026 SZL Holdings — github.com/szl-holdings · ORCID 0009-0001-0110-4173
The 13 substrate repos cross-link reciprocally. This footer is maintained by GH Admin #1 (org-wide).
a11oy— vertical alignment substrate (policy · measurement · knowledge · QEC-integrity)amaru— Shor-encoded receipt minting (Cardano-anchored)rosie— CSS-ingress receipt orchestrationsentra— Kitaev-surface drift detection on audit fibersuds-mesh— UDS span schemas + governance receiptslutar-lean— Lean 4 + Mathlib v4.13.0 kernel proofs (32 GREEN modules)ouroboros— bounded-recursion runtimeouroboros-thesis— DOI-pinned thesis substrate (v3 → v18)platform— composing monorepo (76 packages, 1,220 tests)szl-brand— anatomy + visual doctrine (PDFs hosted in-repo)szl-cookbook— governed-AI recipesagi-forecast— PAC-Bayes + Bekenstein governance-trajectory forecastsvsp-otel— OpenTelemetry exporter for Λ-axis spans
Org page: github.com/szl-holdings · Doctrine v6 · 11 axioms · 32 GREEN modules · v18.0 DOI 10.5281/zenodo.20434276