Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

feat: Add security-gates and update README#59

Closed
emrecanvurallll wants to merge3 commits intomasterfromadd-security-gates

Conversation

emrecanvurallll
Copy link

This PR adds security-gates workflow and updates README with OpenSSF Scorecard badge.

@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear onthis overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check outthe documentation.

retention-days: 5

- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@v3

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 2: GitHub-owned GitHubAction not pinned by hash
Click Remediation section below to solve this issue
@@ -0,0 +1,21 @@
name: Security Gates

Check failure

Code scanning / Scorecard

Token-Permissions High

score is 0: no topLevel permission defined
Remediation tip: Visithttps://app.stepsecurity.io/secureworkflow.
Tick the 'Restrict permissions for GITHUB_TOKEN'
Untick other options
NOTE: If you want to resolve multiple issues at once, you can visithttps://app.stepsecurity.io/securerepo instead.
Click Remediation section below for further remediation help
permissions:
actions: read
contents: read
security-events: write

Check failure

Code scanning / Scorecard

Token-Permissions High

score is 0: jobLevel 'security-events' permission set to 'write'
Remediation tip: Verify which permissions are needed and consider whether you can reduce them.
Click Remediation section below for further remediation help
@emrecanvurallllemrecanvurallll deleted the add-security-gates branchJanuary 29, 2025 12:47
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

1 participant
@emrecanvurallll
[8]ページ先頭
©2009-2025 Movatter.jp