Skip to content

Create scorecard.yml#2888

Merged
eamonnmcmanus merged 3 commits intomainfrom
eamonnmcmanus-patch-1
Aug 13, 2025
Merged

Create scorecard.yml#2888
eamonnmcmanus merged 3 commits intomainfrom
eamonnmcmanus-patch-1

Conversation

@eamonnmcmanus
Copy link
Copy Markdown
Member

@eamonnmcmanus eamonnmcmanus commented Aug 13, 2025

Suggested by Google's internal GitHub Security Recommendations.

@eamonnmcmanus
Create scorecard.yml
ba741ca 
Suggested by Google's internal GitHub Security Recommendations.
@eamonnmcmanus eamonnmcmanus requested a review from cpovirk August 13, 2025 18:16
cpovirk
cpovirk approved these changes Aug 13, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@cpovirk cpovirk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As you might already have surmised, this new file should be covered by your existing Dependabot setup for GitHub Actions, which matches Guava's setup, which has successfully led to PRs like https://github.com/google/guava/pull/7912/files.

Comment thread .github/workflows/scorecard.yml Outdated
@eamonnmcmanus @cpovirk
Update .github/workflows/scorecard.yml
d02f300 
Co-authored-by: Chris Povirk <cpovirk@google.com>
github-advanced-security[bot]
github-advanced-security AI found potential problems Aug 13, 2025
View reviewed changes
Comment thread .github/workflows/scorecard.yml Fixed
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
with:

Check notice

Code scanning / CodeQL

Syntax error Note

could not find expected ':'
Copy link
Copy Markdown
Member Author

@eamonnmcmanus eamonnmcmanus Aug 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be fixed by latest commit.

Marcono1234
Marcono1234 reviewed Aug 13, 2025
View reviewed changes
Comment thread .github/workflows/scorecard.yml
@Marcono1234
Copy link
Copy Markdown
Contributor

Marcono1234 commented Aug 13, 2025

There is also an old PR (#2353) for adding scorecard.yml, which is probably obsolete now.

@eamonnmcmanus
Copy link
Copy Markdown
Member Author

eamonnmcmanus commented Aug 13, 2025

There is also an old PR (#2353) for adding scorecard.yml, which is probably obsolete now.

That's funny! I have zero recollection of that, even though I apparently created it.

@eamonnmcmanus eamonnmcmanus mentioned this pull request Aug 13, 2025
Closed
9 tasks
@eamonnmcmanus eamonnmcmanus merged commit 9334715 into main Aug 13, 2025
19 checks passed
@eamonnmcmanus eamonnmcmanus deleted the eamonnmcmanus-patch-1 branch August 13, 2025 19:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cpovirk cpovirk cpovirk approved these changes

+1 more reviewer

@Marcono1234 Marcono1234 Marcono1234 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@eamonnmcmanus @Marcono1234 @cpovirk @github-advanced-security