Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ Add custom remediation for workflow permissions/pinned dependencies #1885

Merged
merged 10 commits into from May 6, 2022
Merged

✨ Add custom remediation for workflow permissions/pinned dependencies #1885

merged 10 commits into from May 6, 2022

Conversation

laurentsimon
Copy link
Contributor

@laurentsimon laurentsimon commented May 4, 2022
edited

Add custom remediation for workflow permissions/pinned dependencies

Add custom remediation for workflow permissions/pinned dependencies

see #1850

Screenshot:
image

@laurentsimon laurentsimon temporarily deployed to integration-test May 4, 2022 20:05 Inactive
@laurentsimon laurentsimon temporarily deployed to integration-test May 4, 2022 20:06 Inactive
@codecov
Copy link

codecov bot commented May 4, 2022
edited

Codecov Report

Merging #1885 (e73fd67) into main (22694dc) will increase coverage by 2.96%.
The diff coverage is 62.50%.

@@            Coverage Diff             @@
##             main    #1885      +/-   ##
==========================================
+ Coverage   51.32%   54.28%   +2.96%     
==========================================
  Files          79       80       +1     
  Lines        6740     6797      +57     
==========================================
+ Hits         3459     3690     +231     
+ Misses       3050     2870     -180     
- Partials      231      237       +6

@laurentsimon
Copy link
Contributor Author

/cc @varunsh-coder

@laurentsimon laurentsimon temporarily deployed to integration-test May 4, 2022 20:26 Inactive
@github-actions
Copy link

github-actions bot commented May 4, 2022

Integration tests success for
[fc8ef6c]
(https://github.com/ossf/scorecard/actions/runs/2272045080)

@github-actions
Copy link

github-actions bot commented May 4, 2022

Integration tests success for
[58cdee4]
(https://github.com/ossf/scorecard/actions/runs/2272048496)

@github-actions
Copy link

github-actions bot commented May 4, 2022

Integration tests success for
[dc46c23]
(https://github.com/ossf/scorecard/actions/runs/2272055726)

@github-actions
Copy link

github-actions bot commented May 4, 2022

Integration tests success for
[ac7232a]
(https://github.com/ossf/scorecard/actions/runs/2272063546)

@github-actions
Copy link

github-actions bot commented May 4, 2022

Integration tests success for
[683a44a]
(https://github.com/ossf/scorecard/actions/runs/2272099017)

@laurentsimon
Copy link
Contributor Author

Fyi, the protobuf-related checks have started failing again over the past few days

@varunsh-coder
Copy link
Contributor

@laurentsimon thanks a lot for the PR! Great to see remediation being added. I added couple of comments. Do you have a screenshot of how this looks right now? I am curious how remediation info will show up in the GitHub Code Scanning UI.

@laurentsimon
Copy link
Contributor Author

laurentsimon commented May 4, 2022
edited

@laurentsimon thanks a lot for the PR! Great to see remediation being added. I added couple of comments. Do you have a screenshot of how this looks right now? I am curious how remediation info will show up in the GitHub Code Scanning UI.

I added the screenshot in the PR description. PTAL

@laurentsimon laurentsimon temporarily deployed to integration-test May 4, 2022 23:41 Inactive
@github-actions
Copy link

github-actions bot commented May 5, 2022

Integration tests success for
[f1ff602]
(https://github.com/ossf/scorecard/actions/runs/2272889822)

@laurentsimon
Copy link
Contributor Author

friendly ping for a review.

@laurentsimon laurentsimon temporarily deployed to integration-test May 6, 2022 15:53 Inactive
@github-actions
Copy link

github-actions bot commented May 6, 2022

Integration tests success for
[c764305]
(https://github.com/ossf/scorecard/actions/runs/2282735247)

@laurentsimon laurentsimon enabled auto-merge (squash) May 6, 2022 19:08
@laurentsimon laurentsimon temporarily deployed to integration-test May 6, 2022 19:09 Inactive
@github-actions
Copy link

github-actions bot commented May 6, 2022

Integration tests success for
[e73fd67]
(https://github.com/ossf/scorecard/actions/runs/2283562630)

@laurentsimon laurentsimon merged commit 8c97d46 into ossf:main May 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@varunsh-coder varunsh-coder varunsh-coder left review comments

@azeemshaikh38 azeemshaikh38 azeemshaikh38 approved these changes

@justaugustus justaugustus Awaiting requested review from justaugustus

@naveensrinivasan naveensrinivasan Awaiting requested review from naveensrinivasan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@laurentsimon @varunsh-coder @azeemshaikh38