[1.1.2] Token Permissions - High warnings for SLSA generation
#850
Labels
bug
Something isn't working
Comments
|
@dbaileychess I suspect v1.1.2 release my not have the latest changes yet. You could consider using our v2 pre-release: https://github.com/ossf/scorecard-action/releases/tag/v2.0.0-alpha.2 to see if it fixes the issue. We'll be releasing the prod v2 in a week so fyi that the pre-release is stable. @laurentsimon do you know when this exception was rolled out in Scorecard? PS: moving this to the |
|
Action v1.1.2 uses scorecard v4.3.1, which did not include the fix. I was mistaken. Updating to the latest v2.0.0 should fix the problem. Can you give it a try? |
|
fyi v2 is now GA - https://github.com/ossf/scorecard-action/releases/tag/v2.0.0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm using version 1.1.2 and continue to get
Token Permission - Highwarnings on enabling write permissions for SLSA generation. There was a recent exemption made for SLSA, but it doesn't seem to be working.The text was updated successfully, but these errors were encountered: