Bence Nagy
Bence Nagy
bento-action doesn't work with 0.11.1 on PRs, probably because it tries to create docker containers with the same name twice, for the two scans on committed and staged code. @nbrahms...
Many of the Docker-based tools use third party images, such as `koalaman/shellcheck:v0.7.0` for shellcheck. If koalaman's Docker account were to be compromised, an attacker could push to the same tag...
`bento init`, `bento enable tool`, `bento archive`, etc. all write YAML/JSON content which does not pass prettier's default styles. I think it'd be nicer if it did, since this wastes...
Just a note that came up on a call. I think there's some confusing behavior where - `bento init` gitignores `.bento/**` globally - `bento archive` creates `.bento/archive.json` and suggests pushing...
As a user newly adding bento to a repo, I wanted to enable all the available tools to first see what it can offer and then cut down what I...
The current process involves just manually triggering one successful run of the action and then checking if it crashed at https://github.com/returntocorp/bento-action/pull/1 We should test a lot more cases: various checks,...
#### Before submitting this issue, please acknowledge that you have done the following: - [x] I've at least skimmed through the [README](https://github.com/matthieugrieger/mumbledj/blob/master/README.md) - [x] I have checked that I am...
Heya! I have these two jobs where Job B needs Job A: https://github.com/returntocorp/semgrep/blob/a9e8b90c2e3de705c54ca311b414608ffaa32ff7/.github/workflows/tests.yml#L15-L67 Both jobs do this: ```yaml uses: actions/cache@v3 with: path: ocaml-build-artifacts.tgz key: foo ``` But only Job B...
## Description Heya! I had this feature request, and figured it's easiest if I create a PR rather than an issue. Let me know if you think it's a good...
It was added in the [pip 8 release](https://pip.pypa.io/en/stable/news/?highlight=trusted-host).