scorecard icon indicating copy to clipboard operation
scorecard copied to clipboard

Published 20 hours ago verified publisher icon ossf

Support Makefiles in `dependency-pinning` check

Open laurentsimon opened this issue 4 years ago • 0 comments

We currently check for the presence of curl | bash and other unpinned dependency patterns for shell scripts in the repo, in GitHub workflows' run, dockerfiles' RUN.

We need to do the same for Makefiles, see https://github.com/ossf/scorecard/issues/427#issuecomment-839175421

laurentsimon avatar Aug 23 '21 17:08 laurentsimon