laurentsimon
laurentsimon
See https://goreleaser.com/customization/nfpm/
We don't support variables like `${{.Version}}`, `${{.Branch}}`, `${{.Commit}}`, `${{.Tag}}` today, so we should add support for it
I really like the idea of sharing security audit reports: it's both useful to 1) learn common mistakes to avoid and 2) assess the security practices of projects. I work...
Organizations and users may want to enable an action at scale on multiple repos. This requires 1. creating a PAT 2. saving as secrets in each repo 3. Creating pull...
See title
Some ideas - [ ] criticality of checks for Action prioritization. Requires https://github.com/ossf/scorecard/issues/1874 - [ ] Ignore checks - [ ] Ignore paths - [ ] https://github.com/ossf/scorecard-action/issues/143 (see also https://github.com/github/codeql-action/issues/986#issuecomment-1171269954)
We currently have criticality for checks. However, within a check, severity may vary. For example, `contents: write` is more critical than `status: write`, for example. I think it's feasible to...
- [ ] Re-use existing issue instead of creating new one (Disable gostaging until this is done: we're inundated with issues otherwise) - [x] Verify push/dispatch_workflow work properly - [...
steps: 1. cut a scorecard release and wait for a container image to be created and tagged with new release. Note the hash of the container as `CH1`. Note: we...
Add debug/verbose option to help troubleshoot problems