chore: pin dependencies to SHA digests for OpenSSF scorecard (#104)

Pin scorecard-action and codeql-action to commit SHA in scorecard.yml.
Pin base images to digest in Dockerfile.redos and Dockerfile.astra.
Replace curl|bash with direct binary download for actionlint.
Remove unused pip install cargo-audit-sarif.
2026-04-06 02:28:02 +03:00
committed by GitHub
parent b949ef49b8
commit 69b7f1fb4e
4 changed files with 8 additions and 6 deletions


@@ -1,7 +1,7 @@
# syntax=docker/dockerfile:1.4
# NORA on Astra Linux SE base (Debian-based, FSTEC-certified)
# Binary is pre-built by CI and passed via context
FROM debian:bookworm-slim
FROM debian:bookworm-slim@sha256:f06537653ac770703bc45b4b113475bd402f451e85223f0f2837acbf89ab020a
RUN apt-get update \
&& apt-get install -y --no-install-recommends ca-certificates curl \