-
## Time
**UTC Thu 17-Aug-2023 14:00 (02:00 PM)**:
| Timezone | Date/Time |
|---------------|-----------------------|
| US / Pacific | Thu 17-Aug-2023 07:00 (07:00 AM) |
| US / Mou…
-
Hi,
I really liked this tool and was planning to start using it in my current company's project but they told me that the OpenSSF score is not high enough (4.8/10).
See here: https://deps.dev/proj…
-
### What needs to happen?
# Motivation
I'm creating this issue to bring to your attention some dangerous workflow patterns currently present on your project involving the usage of `pull_request_target`…
-
**Is your feature request related to a use case or a problem you are working on? Please describe.**
I would like to suggest a security practice recommended by the [OpenSSF Scorecard][scorecard-repo…
-
### Description ###
Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are vulnerable to attacks, such as t…
-
Adding a Security Policy is important to provide guidance on how users can report potential vulnerabilities and also raise awareness of when vulnerabilities will be confirmed, fixed and disclosed.
…
-
**Is your feature request related to a problem? Please describe.**
Referencing actions by commit SHA in workflows guarantees you are using an immutable version. In contrast, actions referenced by ta…
-
Hello!
There are changes in your OpenSSF Scorecard report.
Please review the following changes and take action if necessary.
## Summary
There are changes in the following repositories:
| Repos…
-
I have a workflow file, which checks out the public repo and then is supposed to scan it. But, right now, it is only scanning the repo from where the action is run. Let me know what parameter I s…
-
### Is your feature request related to a problem?
This feature request is related to improving the project's security posture. There are some best practices that could be raised and encouraged in C…