taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 06:50:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: pin dependencies to SHA digests for OpenSSF scorecard (#104)

Browse Source 
Pin scorecard-action and codeql-action to commit SHA in scorecard.yml.
Pin base images to digest in Dockerfile.redos and Dockerfile.astra.
Replace curl|bash with direct binary download for actionlint.
Remove unused pip install cargo-audit-sarif.
This commit is contained in:
DevITWay | Pavel Volkov
2026-04-06 02:28:02 +03:00
committed by GitHub
parent b949ef49b8
commit 69b7f1fb4e
4 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile.redos
View File

@@ -1,7 +1,7 @@
# syntax=docker/dockerfile:1.4
# NORA on RED OS base (RPM-based, FSTEC-certified)
# Binary is pre-built by CI and passed via context
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4@sha256:c0e70387664f30cd9cf2795b547e4a9a51002c44a4a86aa9335ab030134bf392
RUN microdnf install -y ca-certificates shadow-utils \
&& microdnf clean all \