Varun Sharma
@h0x0er please investigate this. Thanks!
Hi All, I am the maintainer of step-security/secure-workflows, which is the project that hosts the StepSecurity online tool mentioned in this thread. Just wanted to let you know that Dependabot...
> Hi @varunsh-coder, thank you for dropping in and being part of the conversation. I'm just looking for consensus from people before we run this on all our repos to...
> @varunsh-coder thanks for popping up in this thread, (and thanks for your excellent work putting together the secure-workflows project! One observation as an end user is that it seems...
> > @varunsh-coder thanks for popping up in this thread, (and thanks for your excellent work putting together the secure-workflows project! One observation as an end user is that it...
Apologies for the delay in releasing the fix for the [pinning issue](https://github.com/step-security/secure-workflows/issues/1360). The part of going from vX -> vX.Y.Z is taking longer than expected. But we should have it...
On a related note to this thread, @boahc077 and I have been working with @mbarbero to onboard Eclipse orgs to a dashboard to track and improve the OpenSSF Scorecard score...
> > @gdams, @tellison, and @karianna, you should have access to it using your GitHub account. > > FYI I'm seeing access forbidden at the moment and am authenticating with...
> > Hi @varunsh-coder, thank you for dropping in and being part of the conversation. I'm just looking for consensus from people before we run this on all our repos...
I wanted to share some updates on automated remediations. https://github.com/step-security/secure-workflows now 1. Allows adding/updating Dependabot configuration based on the project's languages 2. Adds CodeQL workflow if not present and...