chains-project / dirty-waters

automatically detect software supply chain smells and issues
https://pypi.org/project/dirty-waters/
MIT License
12 stars 1 forks

add support for checking transparency in CI #9

Open monperrus opened 2 months ago

monperrus commented 2 months ago

once a supply chain is made fully transparent, this should be ensured in CI

if dirty-waters finds a high severity warning, we break the build and block the integration in master
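One way to implement the gate described above, as an added example that is not part of this issue or of the dirty-waters code base: a small Python script that reads a findings report, counts findings per severity, and exits non-zero when anything at or above a chosen severity is present, so the CI job fails and the merge is blocked. The report shape (a JSON list of objects with a `severity` field in `low`/`medium`/`high`) and the script name `ci_gate.py` are assumptions for illustration; the real dirty-waters output format must be taken from the project's own documentation.

```python
"""Break the build when a supply-chain smell report contains high-severity findings.

Added example, not dirty-waters' own code. The report format below is an
assumption: a JSON list of findings, each carrying a "severity" of
"low", "medium" or "high". Adapt the loader to the tool's real output.
"""
import json
import sys

# Ordered severities so a threshold can be compared numerically.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}

# Constructed sample report used when no file is given, so the script runs offline.
SAMPLE_REPORT = json.dumps([
    {"package": "example-left-pad", "severity": "low",
     "smell": "no source code repository linked"},
    {"package": "example-utils", "severity": "medium",
     "smell": "release commit not tagged in repository"},
    {"package": "example-crypto-helper", "severity": "high",
     "smell": "published artifact does not match repository source"},
])


def summarize(findings):
    """Count findings per severity; unknown severities are grouped under 'unknown'."""
    counts = {"low": 0, "medium": 0, "high": 0, "unknown": 0}
    for finding in findings:
        sev = str(finding.get("severity", "")).lower()
        counts[sev if sev in SEVERITY_RANK else "unknown"] += 1
    return counts


def should_block(findings, threshold="high"):
    """True if any finding is at or above the threshold severity.

    Unknown severities are treated as blocking: a gate that silently passes
    findings it cannot classify is weaker than one that fails closed.
    """
    limit = SEVERITY_RANK[threshold]
    for finding in findings:
        sev = str(finding.get("severity", "")).lower()
        if sev not in SEVERITY_RANK or SEVERITY_RANK[sev] >= limit:
            return True
    return False


def load_findings(path=None):
    """Load the report from a file path, or fall back to the constructed sample."""
    if path is None:
        return json.loads(SAMPLE_REPORT)
    with open(path, "r", encoding="utf-8") as handle:
        return json.load(handle)


def main(argv):
    # Usage: python ci_gate.py [report.json] [--threshold high|medium|low]
    path = None
    threshold = "high"
    args = list(argv)
    if "--threshold" in args:
        idx = args.index("--threshold")
        threshold = args[idx + 1]
        del args[idx:idx + 2]
    if args:
        path = args[0]

    findings = load_findings(path)
    counts = summarize(findings)
    print("findings by severity:", counts)

    if should_block(findings, threshold):
        print(f"FAIL: findings at or above '{threshold}' severity; blocking integration")
        return 1
    print("OK: no blocking findings")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

In a GitHub Actions workflow the step would run the scanner, write its report to a file, and then call `python ci_gate.py report.json`; a non-zero exit fails the job, which is what blocks the merge into `master` when branch protection requires the check to pass. Failing closed on unrecognised severities is deliberate: a report format change should surface as a red build rather than a silent pass.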

randomicecube commented 1 month ago

For future reference (to-self), this refers to the following bullet points

monperrus commented 3 weeks ago

Good suggestion by @AEnguerrand

it is possible to integrate dirty waters, perhaps through a GitHub Action, which could be made available on the marketplace (https://docs.github.com/en/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace).