Cyan4973 / xxHash

Extremely fast non-cryptographic hash algorithm
http://www.xxhash.com/

Flagging supply-chain security issues #858

Closed gabibguti closed 1 year ago

gabibguti commented 1 year ago

Flagging supply-chain security issues is important for you to be aware of where your repository is vulnerable to these attacks and act upon it. Supply-chain attacks aim for your development, build and release weaknesses. That's why using minimum permissions for actions and referencing actions by commit SHA on your GitHub workflows helps protect you from malicious actions on GitHub, especially in build and release workflows.

In this repository, we have already worked to flag and fix a few supply-chain security issues. To flag more issues like that we can use the Scorecard security tool to receive alerts in GitHub's Security Dashboard. If you agree, I can open a PR to add it.

Additional Context

Hi again! I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)
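The two workflow properties the comment above asks for (actions referenced by full commit SHA, and an explicit minimum `permissions` block) are exactly the kind of thing Scorecard's Pinned-Dependencies and Token-Permissions checks report. The script below is an added example, not code from the xxHash repository or from the issue author, showing how those two checks can be expressed against a workflow file. The sample workflow it scans is constructed for the demonstration, the 40-hex commit SHA in it is a placeholder rather than a real commit, and the line-oriented regexes stand in for a proper YAML parser.

```python
import re

# Constructed sample workflow (not a file from the xxHash repository).
# The first job shows the patterns the issue warns about (mutable tag and
# branch references), the second the hardened form (commit SHA pin plus a
# least-privilege permissions block). The SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]

jobs:
  weak:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: some-org/some-action@main

  hardened:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4.1.1
      - uses: ./.github/actions/local-step
"""

# 'uses:' values, with optional list dash and optional quoting
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"]+)", re.MULTILINE)
# 'permissions:' keys; the capture holds an inline scalar such as write-all,
# or the empty string when the value is a nested mapping on the next lines
PERMISSIONS_RE = re.compile(r"^\s*permissions:[ \t]*(\S*)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def is_pinned_to_sha(uses_value):
    """True when the reference after '@' is a full 40-hex commit SHA."""
    if "@" not in uses_value:
        return False
    return SHA_RE.match(uses_value.rsplit("@", 1)[1]) is not None


def audit_workflow(text):
    """Return the supply-chain findings for one workflow file's text."""
    unpinned = []
    for uses_value in USES_RE.findall(text):
        # local composite actions (./path) and docker:// images are not
        # fetched by tag from another GitHub repository, so they are skipped
        if uses_value.startswith("./") or uses_value.startswith("docker://"):
            continue
        if not is_pinned_to_sha(uses_value):
            unpinned.append(uses_value)

    perm_values = PERMISSIONS_RE.findall(text)
    return {
        "unpinned": unpinned,
        # no permissions key at all means every job runs with the repository's
        # default GITHUB_TOKEN scope instead of an explicit minimum
        "permissions_declared": len(perm_values) > 0,
        "write_all": "write-all" in perm_values,
    }


if __name__ == "__main__":
    findings = audit_workflow(SAMPLE_WORKFLOW)
    for ref in findings["unpinned"]:
        print("not pinned to a commit SHA:", ref)
    if not findings["permissions_declared"]:
        print("no explicit permissions block")
    if findings["write_all"]:
        print("permissions: write-all grants more than the minimum")
```

Run against the constructed sample, the audit reports the two mutable references in the `weak` job and nothing for the `hardened` job. A tag such as `v4` can be moved to a different commit by whoever controls the action's repository, whereas a full SHA names one immutable tree; the trailing `# v4.1.1` comment is the usual convention for keeping the pinned SHA human-readable and lets tooling such as Dependabot update it.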

Cyan4973 commented 1 year ago

Sure @gabibguti , we could try it.