Open monperrus opened 2 months ago
For future reference (to-self), this refers to the following bullet points
Good suggestion by @AEnguerrand
It is possible to integrate dirty-waters, perhaps through a GitHub Action, which could be made available on the marketplace (https://docs.github.com/en/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace).
Once a supply chain is made fully transparent, this should be ensured in CI.
If dirty-waters finds a high-severity warning, we break the build and block the integration in master.