Open
Description
opened on Aug 8, 2024
OpenSSF Scorecard is configured on this repository, but it only runs periodically and generates reports like this one (inserting screenshots, since these alerts are not publicly viewable).
It would be better if we could block PRs if they fail this check.
Mentoring instructions
Interested in contributing? See our contributing guide.
- Figure out how to run the Pinned-Dependency check in CI
- Ensure all dependencies reported by this check are pinned
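As an added example (not code from this issue or the project), here is a small CI guard in the spirit of the Pinned-Dependencies check: it scans GitHub Actions workflow text for `uses:` references that are not pinned to a full 40-hex commit SHA, so a PR step can exit non-zero when any are found. The sample workflow, the `some-org/some-action` name and the SHA in it are constructed.

```python
"""CI guard modelled on the OpenSSF Scorecard Pinned-Dependencies check.

Added example, not Scorecard's implementation: it only covers `uses:`
references in GitHub Actions workflows, which is one of the dependency
kinds the real check inspects.
"""
import re
import sys
from typing import List, Tuple

# `uses: owner/repo[/path]@ref`, with an optional "- " list marker and quotes.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'\s#]+)', re.MULTILINE)
# A pin is a full 40-character lowercase hex commit SHA.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def unpinned_actions(workflow_text: str) -> List[Tuple[str, str]]:
    """Return (action, ref) pairs whose ref is not a full commit SHA.

    Local actions (./path) and docker:// images are skipped here; tags and
    branch names such as v4 or main are mutable and therefore reported.
    """
    findings = []
    for match in USES_RE.finditer(workflow_text):
        spec = match.group(1)
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        action, _, ref = spec.partition("@")
        if not SHA_RE.match(ref):
            findings.append((action, ref or "<no ref>"))
    return findings


def check_files(paths: List[str]) -> int:
    """Print findings for each workflow file; return 1 if any are unpinned."""
    status = 0
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for action, ref in unpinned_actions(fh.read()):
                print(f"{path}: {action} pinned to '{ref}', not a commit SHA")
                status = 1
    return status


# Constructed sample: one SHA-pinned step, one local step, two mutable refs.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567 # constructed SHA
      - uses: ./.github/actions/local-step
      - name: lint
        uses: some-org/some-action@main
"""

if __name__ == "__main__":
    sys.exit(check_files(sys.argv[1:]))
```

Run it as `python pin_check.py .github/workflows/*.yml` in a PR job; a non-zero exit blocks the merge when branch protection requires the job.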