Kapil Thangavelu
I'll note the warning here would also be addressed by https://github.com/slsa-framework/slsa-github-generator/pull/2864
Thanks for the pull request! If you don't mind could you sign the Linux Foundation/CNCF CLA referenced in the other comment.
ping @AntonioDeJesus re cla
this article has some good content re setting up a python dev container https://xebia.com/blog/how-to-create-a-devcontainer-for-your-python-project/
context https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-kinesis-data-streams-cross-account-access-aws-lambda/
the link doesn't seem to work for me 
going through the score card via running the cli, it's clear that the sast is only checking the use of commercial services like codeql and sonarqube, which is questionable. https://github.com/ossf/scorecard/issues/2318...
> > going through the score card via running the cli, it's clear that the sast is only checking the use of commercial services like codeql and sonarqube, which is...
the `older-than` is probably the closest extant approximation to this, i.e. delete versions older than 100 days, etc.
probably needs a dedicated filter to normalize iam statement construction, terraform does perform normalization if the statements are inline in hcl, but an arbitrary iam json policy document can be...