Update action to v0.9.10 (#4)
* Update action to v0.9.10

Also update the README

* Update Dockerfile
fproulx-boostsecurity authored Apr 15, 2024
1 parent c3b9d33 commit 1ccc74e
Showing 2 changed files with 7 additions and 2 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM ghcr.io/boostsecurityio/poutine:0.9.9@sha256:e5790a12cb19c1433fee835e7b03f9e4051efb872bfc3d1c2a555767fbb65a70
FROM ghcr.io/boostsecurityio/poutine:0.9.10@sha256:74856385aadf2873389fcaac676551c7c7315d13e744d06fd645890e7794c6e7

USER root

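Review bot: `USER root` on line 3 is carried through this version bump unchanged, and it is the line the boostsecurityio/semgrep check fails on with CWE-269. If the action needs root at runtime, add a comment above the line saying why and record that justification against the finding; if it does not, switch to an unprivileged user after any setup steps. Separately, the new `FROM` line keeps the tag plus `@sha256:` pin, which is good; confirm the digest was resolved from the 0.9.10 tag rather than copied from elsewhere, since the digest is what actually gets pulled.
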
Check failure on line 3 in Dockerfile

BoostSecurity.io / boostsecurity - boostsecurityio/semgrep

Dockerfile#L3

CWE-269: Improper Privilege Management The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

7 changes: 6 additions & 1 deletion README.md
@@ -1,2 +1,7 @@
# poutine-action
boostsecurityio/poutine-action

This is a simple GitHub Action to simplify using poutine as part of GitHub Actions workflows.

Created by BoostSecurity.io, poutine is a security scanner that detects misconfigurations and vulnerabilities in the build pipelines of a repository. It supports parsing CI workflows from GitHub Actions and Gitlab CI/CD. When given an access token with read-level access, poutine can analyze all the repositories of an organization to quickly gain insights into the security posture of the organization's software supply chain.

Visit https://github.com/boostsecurityio/poutine for more details about poutine itself.
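
Review bot: The new README text describes poutine but never shows how to call the action: after "This is a simple GitHub Action ..." there is no `uses:` example, no list of inputs, and no statement of which token permissions the action expects, even though the description mentions "an access token with read-level access". Add a short workflow snippet pinned to a release or commit SHA and name the required permissions. Style: "Gitlab CI/CD" should be "GitLab CI/CD", and "simple ... to simplify" in the first sentence repeats itself.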
