mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
This is a modified version of the workflow from the project itself:

* Not using personal access tokens because I believe they are a security issue (this means the Branch-Protection check will be incorrect)
* Not uploading results to the actions cache: maybe there's a point, but I don't see it, as the SARIF files are not very human readable

This should give us some code scanning alerts in the security tab on GitHub. This is not really what I'm interested in though, so I've enabled the upload to https://api.securityscorecards.dev/. The results JSON on there is not exactly readable, but it is good enough to check what the current results are -- and deps.dev should use those results after some delay, I believe.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Directory contents:

* workflows/
* dependabot.yml
* ISSUE_TEMPLATE.md
* PULL_REQUEST_TEMPLATE.md