Setup scorecard workflow #8127
/kind changelog-not-required
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #8127      +/-   ##
==========================================
- Coverage   59.02%   59.01%   -0.01%
==========================================
  Files         364      364
  Lines       30272    30270       -2
==========================================
- Hits        17867    17864       -3
- Misses      10959    10960       +1
  Partials     1446     1446
☔ View full report in Codecov by Sentry.
jobs: | ||
# Build the Velero CLI and image once for all Kubernetes versions, and cache it so the fan-out workers can get it. | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out the code | ||
uses: actions/checkout@v4 |
Usually @ v4 should auto-upgrade to latest. Is the # v4.1.7 here a manual comment, or something generated?
Yes, the v4 auto-upgrades to the latest, and that's what is identified as a vulnerability.
The # v4.1.7 is a comment that will be updated by Dependabot when it creates its upgrade PR.
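The pinning convention discussed in this review thread, as an added example (not code from the Velero PR or from Scorecard): a small Python audit that separates `uses:` references pinned to a full commit SHA from those pointing at a movable tag. The sample workflow and the 40-character SHA in it are constructed placeholders, and `audit_workflow` is a hypothetical helper name.

```python
import re

# `uses: owner/repo[/path]@ref`, with an optional trailing `# comment`.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?(?P<action>[^@\s'\"]+)@(?P<ref>[^\s'\"#]+)['\"]?"
    r"\s*(?:#\s*(?P<comment>.*\S))?\s*$"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample; the 40-character SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the code
        uses: actions/checkout@v4
      - name: Check out the code (pinned form)
        uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4.1.7
      - uses: ./.github/actions/local-step
"""


def audit_workflow(text):
    """Return one finding per remote `uses:` reference in a workflow's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m is None or m.group("action").startswith("docker://"):
            continue  # local (./path) and docker:// references are out of scope
        findings.append({
            "line": lineno,
            "action": m.group("action"),
            "ref": m.group("ref"),
            # Only a full commit SHA is immutable; tags and branches can be moved.
            "pinned": bool(FULL_SHA_RE.match(m.group("ref"))),
            # Human-readable version kept next to the SHA, if any.
            "version_comment": m.group("comment"),
        })
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        status = "pinned" if f["pinned"] else "UNPINNED"
        print(f'{f["line"]}: {f["action"]}@{f["ref"]} {status} {f["version_comment"] or ""}')
```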
Apply security best practices Signed-off-by: Matthieu MOREL <[email protected]>
Thank you for contributing to Velero!
Please add a summary of your change
Setup scorecard workflow and follow their recommendations concerning (with the help of https://app.stepsecurity.io/secureworkflow)
Does your change fix a particular issue?
Fixes #(issue)
Please indicate you've done the following:
/kind changelog-not-required as a comment on this pull request.
site/content/docs/main.