advanced-security / secret-scanning-review-action

Action to detect if a secret is initially detected in a PR commit
MIT License

Adds a python runtime and updates docs #31

Closed CallMeGreg closed 1 day ago

CallMeGreg commented 1 month ago

This pull request introduces documentation improvements, a new runtime option, and the addition of a Python script equivalent to the existing PowerShell script.

Closes https://github.com/advanced-security/secret-scanning-review-action/issues/29

github-actions[bot] commented 1 month ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 1dd3c0a55058e315c700f0b8bff0abb4b572d710.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

| Package | Version | Score |
| --- | --- | --- |
| pip/Requests | 2.32.3 | :green_circle: 8.6 |

Details

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Maintained | :green_circle: 10 | 16 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Pinned-Dependencies | :green_circle: 8 | dependency not pinned by hash detected -- score normalized to 8 |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| SAST | :green_circle: 10 | SAST tool is run on all commits |

Scanned Manifest Files

requirements.txt
  • Requests@2.32.3

felickz commented 1 month ago

Added a v2.0.0-python prerelease