canmove, Confirmed users
2,239
edits
GitHub/Repository Security/GitHub Workflows & Actions: Difference between revisions
GitHub/Repository Security/GitHub Workflows & Actions (view source)
Revision as of 09:59, 22 October 2025
, 22 October 2025→Scanning Tools: correct misspelled word
m (Adding notes on github output parameters) |
m (→Scanning Tools: correct misspelled word) |
||
| Line 48: | Line 48: | ||
=== Scanning Tools === | === Scanning Tools === | ||
* [https://github.com/ossf/scorecard-action OSSF Scorecard] action will | * [https://github.com/ossf/scorecard-action OSSF Scorecard] action will detect unsafe workflows. Note that some findings are “stricter” than our recommendations. Please evaluate the benefit before adopting a “get to zero reported findings”. Recommendations: | ||
** Set <code>publish_results</code> to <code>false</code>. This is a manual step if you follow the [https://github.com/ossf/scorecard-action?tab=readme-ov-file#workflow-setup-required installation instructions]. | ** Set <code>publish_results</code> to <code>false</code>. This is a manual step if you follow the [https://github.com/ossf/scorecard-action?tab=readme-ov-file#workflow-setup-required installation instructions]. | ||
** “Must correct” findings as of 2024-06-12 include | ** “Must correct” findings as of 2024-06-12 include | ||