|
|
9709471485
|
fix: address code review findings
- Pin slsa-github-generator and codeql-action by SHA (not tag)
- Replace anonymous tuple with GroupedActivity struct for readability
- Replace unwrap() with if-let for safety
- Add warning message on attestation failure instead of silent || true
- Fix clippy: map_or -> is_some_and
|
2026-03-20 22:14:16 +00:00 |
|
|
|
07aed45518
|
fix: use tag for codeql-action in scorecard (webapp rejects SHA pins)
|
2026-03-19 10:42:14 +00:00 |
|
|
|
4ec963d41c
|
fix: add repo_token and permissions to scorecard workflow
|
2026-03-19 10:35:57 +00:00 |
|
|
|
7f7e3e4986
|
fix: revert scorecard-action to tag (Docker action incompatible with SHA pin)
|
2026-03-19 10:33:27 +00:00 |
|
|
|
d51f176fd8
|
fix: use commit SHA for scorecard-action (not tag SHA)
|
2026-03-19 09:21:29 +00:00 |
|
|
|
34d30433cb
|
fix: correct scorecard-action SHA pin for v2.4.3
|
2026-03-19 09:19:41 +00:00 |
|
|
|
fbd2aa35e8
|
ci: improve OpenSSF Scorecard rating (#45)
- Add CodeQL workflow for SAST analysis (Actions language)
- Pin scorecard-action and codeql-action by SHA in scorecard.yml
- Add cargo-audit SARIF upload for security tab integration
|
2026-03-19 11:51:11 +03:00 |
|
|
|
bc9604bac3
|
fix: use tags for scorecard webapp verification
|
2026-03-17 11:04:48 +00:00 |
|
|
|
15d12d073a
|
fix: use scorecard-action by tag for webapp verification
|
2026-03-17 11:02:14 +00:00 |
|
|
|
7df118d488
|
security: harden OpenSSF Scorecard compliance
- Pin all GitHub Actions by SHA hash (Pinned-Dependencies)
- Add top-level permissions: read-all (Token-Permissions)
- Add explicit job-level permissions (least privilege)
- Add OpenSSF Scorecard workflow with weekly schedule
- Publish scorecard results to scorecard.dev and GitHub Security tab
|
2026-03-17 10:30:15 +00:00 |
|
