diff --git a/.idea/.name b/.idea/.name
new file mode 100644
index 0000000000..700565b92d
--- /dev/null
+++ b/.idea/.name
@@ -0,0 +1 @@
+modules.xml
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000000..89ee75358b
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000000..da3130baae
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/starter-workflows.iml b/.idea/starter-workflows.iml
new file mode 100644
index 0000000000..d6ebd48059
--- /dev/null
+++ b/.idea/starter-workflows.iml
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000000..35eb1ddfbb
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
new file mode 100644
index 0000000000..0277beb02e
--- /dev/null
+++ b/.idea/workspace.xml
@@ -0,0 +1,55 @@
+
+
+
+
+
+
+
+
+
+
+
+
+ {
+ "associatedIndex": 2
+}
+
+
+
+
+
+ {
+ "keyToString": {
+ "ModuleVcsDetector.initialDetectionPerformed": "true",
+ "RunOnceActivity.ShowReadmeOnStart": "true",
+ "RunOnceActivity.git.unshallow": "true",
+ "git-widget-placeholder": "main",
+ "nodejs_package_manager_path": "npm",
+ "vue.rearranger.settings.migration": "true"
+ }
+}
+
+
+
+
+
+
+
+
+
+
+
+ 1751108728985
+
+
+ 1751108728985
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
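Review bot: The six `.idea/` files added at the top of this diff (`.name`, `misc.xml`, `modules.xml`, `starter-workflows.iml`, `vcs.xml`, `workspace.xml`) are JetBrains IDE metadata and have nothing to do with the Checkov workflow this change introduces. `workspace.xml` in particular holds per-user state, as seen in the `git-widget-placeholder` and `nodejs_package_manager_path` entries and the two timestamps. Drop them from the commit and add `.idea/` to `.gitignore` so the change contains only the workflow and its properties file.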
diff --git a/code-scanning/checkov.yml b/code-scanning/checkov.yml
new file mode 100644
index 0000000000..ef6d175093
--- /dev/null
+++ b/code-scanning/checkov.yml
@@ -0,0 +1,58 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# Checkov is a static code analysis tool for infrastructure as code (IaC).
+# It scans Terraform, CloudFormation, Kubernetes, Helm, ARM templates,
+# Bicep, Dockerfiles, and more for security and compliance misconfigurations.
+#
+# Documentation: https://www.checkov.io/
+# Getting started: https://www.checkov.io/1.Welcome/Quick%20Start.html
+
+name: Checkov
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+permissions:
+ contents: read
+
+jobs:
+ checkov:
+ name: Scan
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Run Checkov
+ uses: bridgecrewio/checkov-action@4048c972aae68d0b983a48bb3479aab2d877b898
+ with:
+ # Scan the entire repository. Narrow this down to a specific
+ # directory if your IaC files live in a subdirectory, e.g.:
+ # directory: terraform/
+ directory: .
+ # Emit results in SARIF format for upload to the Security tab.
+ output_format: sarif
+ output_file_path: checkov-results.sarif
+ # Prevent the step from failing the workflow so that SARIF results
+ # are always uploaded, even when issues are found.
+ soft_fail: true
+
+ - name: Upload Checkov scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ if: always()
+ with:
+ sarif_file: checkov-results.sarif
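Review bot: In the `Run Checkov` step, `output_file_path: checkov-results.sarif` is paired with a single `output_format: sarif`. As far as I recall, Checkov treats a lone value there as an output directory rather than a file name, so confirm with a test run that `sarif_file: checkov-results.sarif` in the upload step resolves to the report you expect. The paired form `output_format: cli,sarif` with `output_file_path: console,checkov-results.sarif` names the file explicitly and also keeps the findings in the job log. Because the upload step runs under `if: always()`, a Checkov step that fails before writing any output will surface as a confusing upload error. Separately, the SHA pin on `bridgecrewio/checkov-action` has no trailing comment naming its release, so add `# <release tag>` after it so reviewers can tell what is pinned and when it is stale.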
diff --git a/code-scanning/properties/checkov.properties.json b/code-scanning/properties/checkov.properties.json
new file mode 100644
index 0000000000..7a0c6b5ca3
--- /dev/null
+++ b/code-scanning/properties/checkov.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Checkov",
+ "creator": "Bridgecrew",
+ "description": "Scan infrastructure as code (Terraform, CloudFormation, Kubernetes, Helm, Dockerfiles, and more) for security and compliance misconfigurations.",
+ "iconName": "checkov",
+ "categories": ["Code Scanning", "terraform", "kubernetes", "dockerfile", "cloudformation", "helm"]
+}
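Review bot: `"iconName": "checkov"` needs a matching icon asset, and none of the files visible in this diff adds one. If it is not added elsewhere in the change, the template will be listed without its icon. Also check the lower-case entries in `categories` (`"terraform"`, `"kubernetes"`, `"dockerfile"`, `"cloudformation"`, `"helm"`) against the names the repository's other properties files use, since an unrecognised category will not help the workflow get suggested.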