Varun Sharma

Results 94 comments of Varun Sharma

> @varunsh-coder for (1), do you already have an API we could use now? (app.stepsecurity.io/secureworkflows?q=xxx)?

Not yet. I will create a work item for it. It should be doable in...

Support for point 1 has been added. The format of the website is https://app.stepsecurity.io/secureworkflow/:owner/:repo/:workflowname/:branch

Here are a couple of examples:

https://app.stepsecurity.io/secureworkflow/caolan/async/ci.yml/master

https://app.stepsecurity.io/secureworkflow/microsoft/vscode/ci.yml/main

After the page loads with the fixed workflow, the...

> Looks great. Since this is for token permissions and pinning, could we disable the hardened runner for this use case? Maybe via a `?enable=permissions,pinning` or something to this...

> > Looks great. Since this is for token permissions and pinning, could we disable the hardened runner for this use case? Maybe via a `?enable=permissions,pinning` or something to...

> LGTM. How would you like to proceed? Do you want to take a stab at the UI for the Action ([#1850 (comment)](https://github.com/ossf/scorecard/issues/1850#issuecomment-1106628256) and [#1850 (comment)](https://github.com/ossf/scorecard/issues/1850#issuecomment-1106730364)) or you'd like...

One of the users got redirected to app.stepsecurity.io, but it was a no-op for them. The scorecard issue says `top level 'checks' permission set to 'write'`. At the same time,...

> This thread is giving me a lot of food for thought.
>
> One thing I'm confident in, though -- I'm wary of having multiple flavours of IdPs: 1st...

Hi @peterwoodworth, [this file](https://github.com/step-security/secure-workflows/blob/main/knowledge-base/actions/aws-actions/configure-aws-credentials/action-security.yml) is part of the https://github.com/step-security/secure-workflows project and has information about token permissions needed by the `aws-actions/configure-aws-credentials` GitHub Action. When one tries to add token permissions to...

Thanks for reporting @ben-manes! I will take a look later today. It hasn’t been run with so many jobs before so might have hit an unexpected issue.

I looked into this and am getting a `too many open files` error in the backend. Will investigate and fix soon. I also noticed that one of the allowed domains...