Commit Graph

4 Commits

Author SHA1 Message Date
78dd91795d ci: improve OpenSSF Scorecard rating (#45)
- Add CodeQL workflow for SAST analysis (Actions language)
- Pin scorecard-action and codeql-action by SHA in scorecard.yml
- Add cargo-audit SARIF upload for security tab integration
2026-03-19 11:51:11 +03:00
31afa1f70b fix: use tags for scorecard webapp verification
2026-03-17 11:04:48 +00:00
f36abd82ef fix: use scorecard-action by tag for webapp verification
2026-03-17 11:02:14 +00:00
34e85acd6e security: harden OpenSSF Scorecard compliance
- Pin all GitHub Actions by SHA hash (Pinned-Dependencies)
- Add top-level permissions: read-all (Token-Permissions)
- Add explicit job-level permissions (least privilege)
- Add OpenSSF Scorecard workflow with weekly schedule
- Publish scorecard results to scorecard.dev and GitHub Security tab
2026-03-17 10:30:15 +00:00