Naveen issues

Results 185 issues of


                                            Naveen

security(workflows): Set permissions for GitHub actions

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Restrict the GitHub token permissions only to the required...

help wanted

👀 Needs Review

go-fuzz-build fails for cuelang.org with 'failed to parse int literal ... value out of range' for very large number

The go-fuzz-build fails with this. `failed to parse int literal '1000000000000000000000000000000000000000000000000000000000000000': strconv.ParseUint: parsing "1000000000000000000000000000000000000000000000000000000000000000": value out of range` I am guessing probably in this line. https://github.com/dvyukov/go-fuzz/blob/b1f3d6f4ef4e0fab65fa66f9191e6b115ad34f31/go-fuzz-build/cover.go#L427 Any idea as to...

chore: Set permissions for GitHub actions

Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. -...

CLA Signed

chore(deps): Included dependency review

> Dependency Review GitHub Action in your repository to enforce dependency > reviews on your pull requests. > The action scans for vulnerable versions of dependencies introduced by package version...

Consider moving to a distroless image

https://github.com/GoogleContainerTools/distroless#why-should-i-use-distroless-images Restricting what's in your runtime container to precisely what's necessary for your app is a best practice employed by Google and other tech giants that have used containers in...

chore: Included githubactions in the dependabot config

This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure. Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot GitHub...

chore: Set permissions for GitHub actions

Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. -...

Enabled dsse checks for sigstore

chore: Included githubactions in the dependabot config

chore: Enable codeql action

This action runs GitHub's industry-leading semantic code analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql https://github.com/ossf/scorecard/blob/main/docs/checks.md#sast Signed-off-by: naveen