chore: Enable OpenSSF Scorecard #2379
Conversation
Signed-off-by: Matthieu MOREL <[email protected]>
mmorel-35
force-pushed
the
ossf-scorecard
branch
from
4ad36da to
6975769
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2379 +/- ##
==========================================
- Coverage 64.67% 64.62% -0.05%
==========================================
Files 114 114
Lines 16618 16618
==========================================
- Hits 10747 10740 -7
- Misses 5193 5199 +6
- Partials 678 679 +1 ☔ View full report in Codecov by Sentry. |
|
cc @phlax |
| @@ -19,7 +19,7 @@ jobs: | |||
| echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |||
|
|
|||
| - name: Login to DockerHub | |||
| uses: docker/login-action@v3 | |||
| uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | |||
There was a problem hiding this comment.
why changes all these? will depbot update this later?
There was a problem hiding this comment.
its more secure to reference them by hash rather than by version - but we still need the version for dependabot so its added as a comment
There was a problem hiding this comment.
LGTM thanks !
looks like the same diff has been working well in Envoy Proxy
https://github.com/envoyproxy/envoy/blob/main/.github/workflows/scorecard.yml
|
@mmorel-35 need more work? |
|
Just needed to be executed first on the targeted repository. I see the score now .5.9 This needs some more work indeed! |
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #2347
Signed-off-by: Matthieu MOREL [email protected]