Setup scorecard workflow #8127
Closed
Setup scorecard workflow #8127
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
/kind changelog-not-required |
github-actions
bot
added
the
kind/changelog-not-required
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #8127 +/- ##
==========================================
- Coverage 59.02% 59.01% -0.01%
==========================================
Files 364 364
Lines 30272 30270 -2
==========================================
- Hits 17867 17864 -3
- Misses 10959 10960 +1
Partials 1446 1446 ☔ View full report in Codecov by Sentry. |
kaovilai
reviewed
Aug 20, 2024
| jobs: | ||
| # Build the Velero CLI and image once for all Kubernetes versions, and cache it so the fan-out workers can get it. | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out the code | ||
| uses: actions/checkout@v4 |
There was a problem hiding this comment.
usually @ v4 should auto upgrade to latest. Is the # v4.1.7 here a manual comment? or something generated?
There was a problem hiding this comment.
Yes the V4 auto upgrade to the latest and that's what is identify as a vulnerability.
The # v4.1.7 is a comment that will be updated by dependabot when it creates it's upgrade PR
blackpiglet
added
kind/changelog-not-required
blackpiglet
reviewed
Aug 20, 2024
blackpiglet
reviewed
Aug 20, 2024
blackpiglet
reviewed
Aug 20, 2024
Apply security best practices Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
kaovilai
approved these changes
Aug 21, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Apply security best practices
Thank you for contributing to Velero!
Please add a summary of your change
Setup scorecard workflow ans follow their recommations concerning (with the help of https://app.stepsecurity.io/secureworkflow)
Does your change fix a particular issue?
Fixes #(issue)
Please indicate you've done the following:
/kind changelog-not-requiredas a comment on this pull request.site/content/docs/main.