| Package | Version | Score |
|---|---|---|
| actions/step-security/harden-runner | 95d9a5deda9de15063e7595e9719c11c38c90ae2 | 🟢 8.7 |

Details:

| Check | Score | Reason |
|---|---|---|
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Branch-Protection | 🟢 8 | branch protection is not maximal on development and all release branches |
| CI-Tests | 🟢 10 | 7 out of 7 merged PRs checked by a CI test -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Code-Review | 🟢 10 | all changesets reviewed |
| Contributors | 🟢 6 | project has 2 contributing companies or organizations -- score normalized to 6 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Dependency-Update-Tool | 🟢 10 | update tool detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| License | 🟢 10 | license file detected |
| Maintained | 🟢 10 | 20 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Pinned-Dependencies | 🟢 6 | dependency not pinned by hash detected -- score normalized to 6 |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Security-Policy | 🟢 10 | security policy file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
|
Bumps step-security/harden-runner from 2.13.1 to 2.13.2.

Release notes

Sourced from step-security/harden-runner's releases.

Commits

- 95d9a5d Merge pull request #606 from step-security/rc-28
- 87e429d Update limitations.md
- ef891c3 feat: add support for custom vm image
- 1fa8c8a update agent
- 92c522a Merge pull request #593 from step-security/ak-readme-updates
- 4719ad5 README updates
- 4fde639 Merge pull request #591 from eromosele-stepsecurity/Upd
- f682f2f Update README.md

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)