Closed pdxjohnny closed 3 months ago
--no-deps
with -e
{
"ruleId": "PinnedDependenciesID",
"ruleIndex": 4,
"message": {
"text": "score is 5: pipCommand not pinned by hash\nClick Remediation section below to solve this issue"
},
"locations": [
{
"physicalLocation": {
"region": {
"startLine": 27,
"endLine": 27,
"snippet": {
"text": "python3 -m pip install -e .[dev]"
}
},
"artifactLocation": {
"uri": "operations/nlp/Dockerfile",
"uriBaseId": "%SRCROOT%"
}
},
"message": {
"text": "pipCommand not pinned by hash"
}
}
]
}
TODO
https://github.com/ossf/scorecard/blob/7ce8609469289d5f3b1bf5ee3122f42b4e3054fb/docs/checks.md#pinned-dependencies