Commit 6a7e314

1. Add the check Dangerous-Workflow
2. Fix the typo of rubygems
dota17 authored and naveensrinivasan committed Dec 1, 2021
1 parent f9b9773 commit 6a7e314
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 2 additions & 0 deletions README.md
@@ -230,6 +230,7 @@ Tests that are rated as “High” risk are:
* Signed-Releases
* Token-Permissions
* Vulnerabilities
* Dangerous-Workflow

Tests that are rated as “Medium” risk are:
* Fuzzing
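Review bot: the new `* Dangerous-Workflow` entry is appended after `* Vulnerabilities`, but the surrounding "High" risk list is alphabetical (Signed-Releases, Token-Permissions, Vulnerabilities); move it ahead of `* Signed-Releases` so the list stays sorted and readers can find the check where they expect it.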
@@ -356,6 +357,7 @@ CI-Tests | Does the project run tests in CI, e.g. [GitHub Act
CII-Best-Practices | Does the project have a [CII Best Practices Badge](https://bestpractices.coreinfrastructure.org/en)?
Code-Review | Does the project require code review before code is merged?
Contributors | Does the project have contributors from at least two different organizations?
Dangerous-Workflow | Does the project have GitHub Action workflows avoid dangerous patterns?
Dependency-Update-Tool | Does the project use tools to help update its dependencies?
Fuzzing | Does the project use fuzzing tools, e.g. [OSS-Fuzz](https://github.com/google/oss-fuzz)?
Maintained | Is the project maintained?
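Review bot: the added table row `Dangerous-Workflow | Does the project have GitHub Action workflows avoid dangerous patterns?` is ungrammatical; reword it along the lines of `Dangerous-Workflow | Do the project's GitHub Action workflows avoid dangerous patterns?` so it matches the question form used by the other rows.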
2 changes: 1 addition & 1 deletion cmd/root.go
@@ -72,7 +72,7 @@ const (
const (
scorecardLong = "A program that shows security scorecard for an open source software."
scorecardUse = `./scorecard [--repo=<repo_url>] [--local=folder] [--checks=check1,...]
[--show-details] [--policy=file] or ./scorecard --{npm,pypi,rubgems}=<package_name>
[--show-details] [--policy=file] or ./scorecard --{npm,pypi,rubygems}=<package_name>
[--checks=check1,...] [--show-details] [--policy=file]`
scorecardShort = "Security Scorecards"
)
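Review bot: the corrected usage string now spells the flag `--rubygems`; since this hunk only touches the help text, confirm that the flag actually registered on the root command uses the same spelling, otherwise the usage line and the real flag will still disagree. The unrelated README change in this same commit would be easier to review and revert as a separate commit.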