Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure OpenSSF Scorecard's Pinned-Dependencies check to block CI #1579

Open
2 tasks
joshlf opened this issue Aug 8, 2024 · 3 comments · May be fixed by #1994
Open
2 tasks

Configure OpenSSF Scorecard's Pinned-Dependencies check to block CI #1579

joshlf opened this issue Aug 8, 2024 · 3 comments · May be fixed by #1994
Assignees
@Aditya-PS-05
Labels
experience-medium This issue is of medium difficulty, and requires some experience help wanted Extra attention is needed

Comments

@joshlf
Copy link
Member

joshlf commented Aug 8, 2024
edited
Loading

OpenSSF Scorecard is configured on this repository, but it only runs periodically and generates reports like this one (inserting screen shots since these alerts are not publicly viewable):

Screenshot 2024-08-08 at 8 33 31 AM Screenshot 2024-08-08 at 8 34 01 AM

It would be better if we could block PRs if they fail this check.

Mentoring instructions

Interested in contributing? See our contributing guide.

  • Figure out how to run the Pinned-Dependency check in CI
  • Ensure all dependencies reported by this check are pinned
@joshlf joshlf added help wanted Extra attention is needed experience-medium This issue is of medium difficulty, and requires some experience labels Aug 8, 2024
@joshlf joshlf changed the title Configure OpenSSF Scorecard's Pinned-Dependencies check block CI Configure OpenSSF Scorecard's Pinned-Dependencies check to block CI Aug 8, 2024
@Aditya-PS-05
Copy link
Contributor

Can you assign me this issue?

@Aditya-PS-05 Aditya-PS-05 linked a pull request Oct 31, 2024 that will close this issue
Open
@joshlf
Copy link
Member Author

joshlf commented Oct 31, 2024

Can you assign me this issue?

Done!

@Aditya-PS-05
Copy link
Contributor

@joshlf , Please review my pr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Aditya-PS-05 Aditya-PS-05

Labels
experience-medium This issue is of medium difficulty, and requires some experience help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ci: enforce Pinned-Dependencies check in CI for PRs Aditya-PS-05/zerocopy
2 participants
@joshlf @Aditya-PS-05