Flagging supply-chain security issues is important for you to be aware of where your repository is vulnerable to these attacks and act upon it. Supply-chain attacks aim for your development, build and release weaknesses. That's why using minimum permissions for actions and referencing actions by commit SHA in your GitHub workflows helps protect you from malicious actions on GitHub, especially in build and release workflows.
In this repository, we have already worked to flag and fix a few supply-chain security issues. To flag more issues like that, you can use the Scorecard security tool to receive alerts in GitHub's Security Dashboard. If you agree, I can open a PR to add it.
Additional Context
Hi again! I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)
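As an added example (not code from the issue, the repository or Scorecard itself), a small Python check for the two points raised above: actions referenced by a mutable tag or branch instead of a commit SHA, and a workflow with no top-level `permissions:` block. The sample workflow and the commit SHA in it are constructed for illustration.

```python
import re

# Constructed sample workflow, not taken from the repository in the issue: two
# actions pinned by a mutable tag/branch, one pinned by a commit SHA (a made-up
# placeholder, not a real commit), and no top-level permissions block.
SAMPLE_WORKFLOW = """\
name: release
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: docker/login-action@master
      - run: npm ci
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")   # value of a 'uses:' key
SHA_RE = re.compile(r"^[0-9a-f]{40}$")                # full git commit SHA


def find_unpinned_uses(workflow_text):
    """Return 'uses:' references not pinned to a full 40-hex commit SHA.
    Local actions (./path) and docker:// images are skipped: they are not
    fetched by git ref, so SHA pinning does not apply to them."""
    unpinned = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):
            continue
        _, _, version = ref.rpartition("@")   # tag, branch or SHA after '@'
        if not SHA_RE.match(version):
            unpinned.append(ref)
    return unpinned


def has_top_level_permissions(workflow_text):
    """True if the workflow sets a top-level (unindented) 'permissions:' key,
    so GITHUB_TOKEN does not inherit the repository's default scopes."""
    return any(line.startswith("permissions:") for line in workflow_text.splitlines())


if __name__ == "__main__":
    print("unpinned:", find_unpinned_uses(SAMPLE_WORKFLOW))
    print("top-level permissions set:", has_top_level_permissions(SAMPLE_WORKFLOW))
```

Run against `.github/workflows/*.yml`, an empty `unpinned` list and `True` for the permissions check correspond to what the Scorecard pinning and token-permission checks look for.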