Varun Sharma
*Description of changes:* This PR adds token `permissions` to the check.yml workflow. This is a security best practice as per [GitHub](https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/) and is checked by [OSSF Scorecard](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions). 1. I am...
Insights were not being generated for `raphw/byte-buddy`. On investigation, it was found that a change released to the Insights API yesterday had caused this. The change has been reverted for now...
I noticed here that normal logs are being shown as warnings: https://github.com/miguelnietoa/stellar_sdk/runs/7881603461?check_suite_focus=true#step:20:4 This does not happen typically and I cannot find it for other runs. Here is a typical run:...
https://github.com/microsoft/msquic/pull/2310#event-5927310870 It should not block traffic, but should warn if there are new endpoints.
Related issue: https://github.com/step-security/harden-runner/issues/137#issuecomment-1117490747
If there are outbound calls to different domains, but the domains resolve to the same IP, one of the domains is not included in the recommended policy. Related: https://github.com/step-security/harden-runner/issues/133
Related issue: https://github.com/step-security/harden-runner/issues/133 Calls to `coveralls.io:443` and `sonarcloud.io:443` are not correlated with the right steps, and so are not included in the recommended policy.
https://github.com/MTRNord/matrix-art/actions/runs/1743376122
https://app.stepsecurity.io/github/jauderho/dockerfiles/actions/runs/1742696205 https://app.stepsecurity.io/github/jauderho/dockerfiles/actions/runs/1747044469