From b13bb26115d1bacc27a0d0a0ac3de2c259663636 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?=
Date: Mon, 9 Jan 2023 11:54:11 +0100
Subject: [PATCH] explanation
---
.github/workflows/codeql-cli.yml | 10 ++++++++++
.github/workflows/trivy-cli.yml | 5 +++++
2 files changed, 15 insertions(+)
diff --git a/.github/workflows/codeql-cli.yml b/.github/workflows/codeql-cli.yml
index 0b2afb9f5..b0c13466b 100644
--- a/.github/workflows/codeql-cli.yml
+++ b/.github/workflows/codeql-cli.yml
@@ -1,3 +1,13 @@
+# CodeQL analysis:
+# CodeQL is the analysis engine used by developers to automate security checks,
+# and by security researchers to perform variant analysis.
+# In CodeQL, code is treated like data. Security vulnerabilities, bugs,
+# and other errors are modeled as queries that can be executed against databases
+# extracted from code. You can run the standard CodeQL queries, written by GitHub
+# researchers and community contributors, or write your own to use in custom analyses.
+# Queries that find potential bugs highlight the result directly in the source file.
+# https://codeql.github.com/docs/codeql-overview/about-codeql/
+# ----------------------------------------------------------------------------
 # For most projects, this workflow file will not need changing; you simply need
 # to commit it to your repository.
 #
diff --git a/.github/workflows/trivy-cli.yml b/.github/workflows/trivy-cli.yml
index 84600d831..d48456202 100644
--- a/.github/workflows/trivy-cli.yml
+++ b/.github/workflows/trivy-cli.yml
@@ -1,3 +1,8 @@
+# Trivy:
+# Trivy (pronunciation) is a comprehensive and versatile security scanner.
+# Trivy has scanners that look for security issues, and targets where it can find those issues.
+# https://github.com/aquasecurity/trivy
+# ---------------------------------
 name: Trivy
 on:
 push:
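Review bot: In the trivy-cli.yml header, `Trivy (pronunciation)` keeps a link label that means nothing inside a YAML comment, and the following sentence about "scanners ... and targets" points at lists that were not copied along with it. I would replace those two lines with something self-contained such as `# Trivy is a security scanner for container images, filesystems and repositories;` / `# it reports known vulnerabilities, misconfigurations and exposed secrets.`. Both this header and the CodeQL one describe the tool in general; a line stating what this workflow scans and whether findings fail the run would help more, but the workflow body lies outside these hunks, so that wording has to be checked against it.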