|
|
26e1e12e64
|
fix: use tag for codeql-action in scorecard (webapp rejects SHA pins)
|
2026-03-19 10:42:14 +00:00 |
|
|
|
29516f4ea3
|
fix: add repo_token and permissions to scorecard workflow
|
2026-03-19 10:35:57 +00:00 |
|
|
|
28ff719508
|
fix: revert scorecard-action to tag (Docker action incompatible with SHA pin)
|
2026-03-19 10:33:27 +00:00 |
|
|
|
d260ff8b5e
|
fix: use commit SHA for scorecard-action (not tag SHA)
|
2026-03-19 09:21:29 +00:00 |
|
|
|
578cdd7dd6
|
fix: correct scorecard-action SHA pin for v2.4.3
|
2026-03-19 09:19:41 +00:00 |
|
|
|
78dd91795d
|
ci: improve OpenSSF Scorecard rating (#45)
- Add CodeQL workflow for SAST analysis (Actions language)
- Pin scorecard-action and codeql-action by SHA in scorecard.yml
- Add cargo-audit SARIF upload for security tab integration
|
2026-03-19 11:51:11 +03:00 |
|
|
|
31afa1f70b
|
fix: use tags for scorecard webapp verification
|
2026-03-17 11:04:48 +00:00 |
|
|
|
f36abd82ef
|
fix: use scorecard-action by tag for webapp verification
|
2026-03-17 11:02:14 +00:00 |
|
|
|
34e85acd6e
|
security: harden OpenSSF Scorecard compliance
- Pin all GitHub Actions by SHA hash (Pinned-Dependencies)
- Add top-level permissions: read-all (Token-Permissions)
- Add explicit job-level permissions (least privilege)
- Add OpenSSF Scorecard workflow with weekly schedule
- Publish scorecard results to scorecard.dev and GitHub Security tab
|
2026-03-17 10:30:15 +00:00 |
|
