The OpenSSF scorecard tool recommends that this project should implement dependency hash-pinning and automated dependency update tooling.
Refer:
- https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool
- https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies
Warn: no dependency update tool configurations found.
Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating fedora to fedora@sha256:_HASH_
The following actions are not hash-pinned:
-
.github/workflows/comment-ci.yaml:189
-
.github/workflows/comment-ci.yaml:15
-
.github/workflows/comment-ci.yaml:30:
-
.github/workflows/comment-ci.yaml:51:
-
.github/workflows/comment-ci.yaml:74:
-
.github/workflows/comment-ci.yaml:97:
-
.github/workflows/comment-ci.yaml:120:
-
.github/workflows/comment-ci.yaml:143:
-
.github/workflows/comment-ci.yaml:166
-
.github/workflows/greenboot-ci.yaml:156
-
.github/workflows/greenboot-ci.yaml:177
-
.github/workflows/greenboot-ci.yaml:198
-
.github/workflows/greenboot-ci.yaml:13
-
.github/workflows/greenboot-ci.yaml:28
-
.github/workflows/greenboot-ci.yaml:49
-
.github/workflows/greenboot-ci.yaml:93
-
.github/workflows/greenboot-ci.yaml:114
-
.github/workflows/greenboot-ci.yaml:135
.github/workflows/greenboot-rs.yaml:106
.github/workflows/greenboot-rs.yaml:128
.github/workflows/greenboot-rs.yaml:141
.github/workflows/greenboot-rs.yaml:160
.github/workflows/greenboot-rs.yaml:215
.github/workflows/greenboot-rs.yaml:227
.github/workflows/greenboot-rs.yaml:17
.github/workflows/greenboot-rs.yaml:34
.github/workflows/main.yml:9
.github/workflows/main.yml:23
.github/workflows/main.yml:29:
.github/workflows/main.yml:36
The OpenSSF scorecard tool recommends that this project should implement dependency hash-pinning and automated dependency update tooling.
Refer:
The following actions are not hash-pinned:
.github/workflows/comment-ci.yaml:189
.github/workflows/comment-ci.yaml:15
.github/workflows/comment-ci.yaml:30:
.github/workflows/comment-ci.yaml:51:
.github/workflows/comment-ci.yaml:74:
.github/workflows/comment-ci.yaml:97:
.github/workflows/comment-ci.yaml:120:
.github/workflows/comment-ci.yaml:143:
.github/workflows/comment-ci.yaml:166
.github/workflows/greenboot-ci.yaml:156
.github/workflows/greenboot-ci.yaml:177
.github/workflows/greenboot-ci.yaml:198
.github/workflows/greenboot-ci.yaml:13
.github/workflows/greenboot-ci.yaml:28
.github/workflows/greenboot-ci.yaml:49
.github/workflows/greenboot-ci.yaml:93
.github/workflows/greenboot-ci.yaml:114
.github/workflows/greenboot-ci.yaml:135
.github/workflows/greenboot-rs.yaml:106
.github/workflows/greenboot-rs.yaml:128
.github/workflows/greenboot-rs.yaml:141
.github/workflows/greenboot-rs.yaml:160
.github/workflows/greenboot-rs.yaml:215
.github/workflows/greenboot-rs.yaml:227
.github/workflows/greenboot-rs.yaml:17
.github/workflows/greenboot-rs.yaml:34
.github/workflows/main.yml:9
.github/workflows/main.yml:23
.github/workflows/main.yml:29:
.github/workflows/main.yml:36