As a member of the Security Team from the Eclipse Foundation, we used a tools Scorecard and StepSecurity to analyze this repo in order to push a pull request that cover some or all the following best practices below:
As a result, You will see a PR coming from StepSecurity to help to implement those fixes above which will cover a list of points below identified detected:
Add or fine tune the use of Dependabot
Pin Actions to a full length commit SHA for files Dockerfile
Please don’t hesitate and reach out if there is something unclear above.
Hi,
As a member of the Security Team from the Eclipse Foundation, we used a tools Scorecard and StepSecurity to analyze this repo in order to push a pull request that cover some or all the following best practices below:
As a result, You will see a PR coming from StepSecurity to help to implement those fixes above which will cover a list of points below identified detected:
Please don’t hesitate and reach out if there is something unclear above.
Kind Regards, Francisco Perez