Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

📖 Add the check Dangerous-Workflow #1341

Merged
merged 1 commit into from
Dec 1, 2021
Merged

📖 Add the check Dangerous-Workflow #1341

merged 1 commit into from
Dec 1, 2021

Conversation

dota17
Copy link
Contributor

@dota17 dota17 commented Nov 27, 2021

2.Fix the typo of rubygems

  • Please check if the PR fulfills these requirements

  • What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)
    docs update

  • What is the current behavior? (You can also link to an open issue here)
    ✨ Add dangerous workflow check with untrusted code checkout pattern #1168

  • What is the new behavior (if this is a feature change)?

  • Does this PR introduce a breaking change? (What changes might users need to make in their application due to this PR?)

  • Other information:

@dota17
1.Add the check Dangerous-Workflow
4b5cae5 
2.Fix the typo of rubygems
asraa
asraa approved these changes Nov 29, 2021
View reviewed changes
Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks!

asraa
asraa reviewed Nov 29, 2021
View reviewed changes
README.md
@@ -356,6 +357,7 @@ CI-Tests | Does the project run tests in CI, e.g. [GitHub Act
CII-Best-Practices | Does the project have a [CII Best Practices Badge](https://bestpractices.coreinfrastructure.org/en)?
Code-Review | Does the project require code review before code is merged?
Contributors | Does the project have contributors from at least two different organizations?
Dangerous-Workflow | Does the project have GitHub Action workflows avoid dangerous patterns?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit:
"Does the project have GitHub Action workflows that avoid dangerous patterns?"

@dota17 dota17 temporarily deployed to integration-test December 1, 2021 13:31 Inactive
@github-actions
Copy link

github-actions bot commented Dec 1, 2021

Integration tests success for
[4b5cae5]
(https://github.com/ossf/scorecard/actions/runs/1509994487)

@naveensrinivasan naveensrinivasan changed the title 1.Add the check Dangerous-Workflow 📖 Add the check Dangerous-Workflow Dec 1, 2021
@naveensrinivasan naveensrinivasan merged commit 6a7e314 into ossf:main Dec 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asraa asraa asraa approved these changes

@naveensrinivasan naveensrinivasan naveensrinivasan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dota17 @naveensrinivasan @asraa