Canlin Guo
#### Detailed description of the problem # Dear RePlugin Maintainers, Firstly, I want to express my sincere appreciation for your contributions to RePlugin. This is an outstanding open-source project...
Hi! I noticed that some GitHub Actions have already been pinned to specific commit hashes, which is great. However, a few actions are still missing pins. I've also added a...
**Summary** This PR fixes the `token permissions` and `unpinned dependency` according to [OpenSSF scorecard](https://scorecard.dev/viewer/?uri=github.com/niklasvh/html2canvas). The versions `v1` to `v3` of the action `upload-artifact` are deprecated, which had been replaced in my...
Hi! I created a workflow for CI, which will help you build and test the whole project before merging new code. I have tested it in my repo and didn't...
#### What kind of change does this PR introduce? feature - [x] PR title follows the guidelines defined in our [pull request documentation](https://github.com/ossf/scorecard/blob/main/CONTRIBUTING.md#pr-process) #### What is the current behavior? The...
Is anyone interested in adding [MCP protocol](https://modelcontextprotocol.io/) support to Scorecard? I believe this could be a valuable enhancement — it would enable large language models (LLMs) to assess the security...
I deployed scorecard as a service by `./scorecard serve`. I sent an HTTP request to the port, but it returns JSON whose `details` field is null. And I check...
| Q | A |
|-------------- | ------ |
| Documentation | no |
| Bugfix | no |
| BC Break | no |
| New Feature | no |
| RFC | no |
...
Noticed the lack of explicit token permissions in `check.yml`; this pull request helps fix it, which is consistent with the other workflow, `release.yml`.
Related to #197, I added the scorecard and dependabot workflows. [Scorecard](https://github.com/ossf/scorecard) helps automatically assess and improve project security and quality with every code change.