⬆️ gha: Bump the github-actions group across 1 directory with 18 updates

[dependabot]

Bumps the github-actions group with 18 updates in the / directory:

Package	From	To
step-security/harden-runner	2.9.1	2.13.0
actions/checkout	4.1.7	5.0.0
actions/dependency-review-action	4.3.4	4.7.3
reviewdog/action-tflint	1.23.2	1.25.0
reviewdog/action-trivy	1.11.3	1.14.0
reviewdog/action-golangci-lint	2.6.2	2.8.0
reviewdog/action-misspell	1.23.0	1.26.3
reviewdog/action-alex	1.13.0	1.16.0
reviewdog/action-markdownlint	0.24.0	0.26.2
reviewdog/action-actionlint	1.54.0	1.67.0
actions/labeler	5.0.0	6.0.1
mikepenz/release-changelog-builder-action	5.0.0.pre.rc02	5.4.1
softprops/action-gh-release	2.0.8	2.3.3
ossf/scorecard-action	2.4.0	2.4.2
actions/upload-artifact	4.4.0	4.6.2
github/codeql-action	3.26.6	3.30.1
actions/setup-go	5.0.2	6.0.0
aws-actions/configure-aws-credentials	4.0.2	5.0.0

Updates step-security/harden-runner from 2.9.1 to 2.13.0

Release notes

Sourced from step-security/harden-runner's releases.

v2.13.0

What's Changed

• Improved job markdown summary
• Https monitoring for all domains (included with the enterprise tier)

Full Changelog: step-security/harden-runner@v2...v2.13.0

v2.12.2

What's Changed

Added HTTPS Monitoring for additional destinations - *.githubusercontent.com Bug fixes:

• Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode
• Increased policy map size for block mode

Full Changelog: step-security/harden-runner@v2...v2.12.2

v2.12.1

What's Changed

• Detection capabilities have been upgraded to better recognize attempts at runner tampering. These improvements are informed by real-world incident learnings, including analysis of anomalous behaviors observed in the tj-actions and reviewdog supply chain attack.
• Resolved an issue where the block policy was not enforced correctly when the GitHub Actions job was running inside a container on a self-hosted VM runner.

Full Changelog: step-security/harden-runner@v2...v2.12.1

v2.12.0

What's Changed

1. A new option, disable-sudo-and-containers, is now available to replace the disable-sudo policy, addressing Docker-based privilege escalation (CVE-2025-32955). More details can be found in this blog post.

2. New detections have been added based on insights from the tj-actions and reviewdog actions incidents.

Full Changelog: step-security/harden-runner@v2...v2.12.0

v2.11.1

What's Changed

• cache: add support for GitHub Actions cache v2 by @​h0x0er in step-security/harden-runner#529

Full Changelog: step-security/harden-runner@v2...v2.11.1

v2.11.0

What's Changed

Release v2.11.0 in #498 Harden-Runner Enterprise tier now supports the use of eBPF for DNS resolution and network call monitoring

Full Changelog: step-security/harden-runner@v2...v2.11.0

v2.10.4

What's Changed

Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.

Full Changelog: step-security/harden-runner@v2...v2.10.4

... (truncated)

Commits

• ec9f2d5 Merge pull request #565 from step-security/rc-24
• 04bcbc3 update agent
• 7c7a56f feat: get job summary from API
• 6c439dc Merge pull request #562 from step-security/rc-22
• bf56886 update agent
• 5436dac update agent
• 88d305a update agent
• b976878 update agent
• 875cc92 Update agent
• 002fdce Merge pull request #544 from step-security/rc-21
• Additional commits viewable in compare view

Updates actions/checkout from 4.1.7 to 5.0.0

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236
• Prepare release v4.3.0 by @​salmanmkc in actions/checkout#2237

New Contributors

• @​motss made their first contribution in actions/checkout#1971
• @​mouismail made their first contribution in actions/checkout#1977
• @​benwells made their first contribution in actions/checkout#2043
• @​nebuk89 made their first contribution in actions/checkout#2194
• @​salmanmkc made their first contribution in actions/checkout#2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

What's Changed

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

New Contributors

• @​Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

V4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

v4.1.4

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643

v4.1.3

... (truncated)

Commits

• 08c6903 Prepare v5.0.0 release (#2238)
• 9f26565 Update actions checkout to use node 24 (#2226)
• 08eba0b Prepare release v4.3.0 (#2237)
• 631c7dc Update package dependencies (#2236)
• 8edcb1b Update CODEOWNERS for actions (#2224)
• 09d2aca Update README.md (#2194)
• 85e6279 Adjust positioning of user email note and permissions heading (#2044)
• 009b9ae Documentation update - add recommended permissions to Readme (#2043)
• cbb7224 Update README.md (#1977)
• 3b9b8c8 docs: update README.md (#1971)
• Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.3.4 to 4.7.3

Release notes

Sourced from actions/dependency-review-action's releases.

4.7.3

What's Changed

• Add explicit permissions to workflow files by @​AshelyTC in actions/dependency-review-action#966
• Claire153/fix spamming mentioned issue by @​claire153 in actions/dependency-review-action#974

Full Changelog: actions/dependency-review-action@v4...v4.7.3

4.7.2

What's Changed

• Add Missing Languages to CodeQL Advanced Configuration by @​KyFaSt in actions/dependency-review-action#945
• Deprecate deny lists by @​claire153 in actions/dependency-review-action#958
• Address discrepancy between docs and reality by @​ahpook in actions/dependency-review-action#960

New Contributors

• @​KyFaSt made their first contribution in actions/dependency-review-action#945
• @​claire153 made their first contribution in actions/dependency-review-action#958
• @​ahpook made their first contribution in actions/dependency-review-action#960

Full Changelog: actions/dependency-review-action@v4...v4.7.2

v4.7.1

• Packages added to allow-dependencies-licenses will be allowed even if the package in question has no license information #889
• License expressions (e.g. Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. Ruby)

v4.7.0

• Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #809 and probably others)
• Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

v4.6.0

What's Changed

• Updating multiple dependency versions by @​Ahmed3lmallah in actions/dependency-review-action#870
• Grouping minor and patch dependabot updates to lessen the number of PRs by @​Ahmed3lmallah in actions/dependency-review-action#876
• Bump actions/stale from 9.0.0 to 9.1.0 by @​dependabot in actions/dependency-review-action#878
• Bump undici from 5.28.4 to 5.28.5 by @​dependabot in actions/dependency-review-action#877
• DR Action should link to the proxima stamp when appropriate in error messages by @​AshelyTC in actions/dependency-review-action#891
• Allow deny package removal by @​ellenfieldn in actions/dependency-review-action#888
• Fix typos by @​omahs in actions/dependency-review-action#893
• Bump esbuild from 0.19.5 to 0.25.0 by @​dependabot in actions/dependency-review-action#900
• Bump octokit and related dependencies by @​RomanIakovlev in actions/dependency-review-action#904
• Bump @​babel/helpers from 7.23.2 to 7.26.10 by @​dependabot in actions/dependency-review-action#905
• Bump @​octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @​dependabot in actions/dependency-review-action#899
• Update transitive dependency spdx-license-ids by @​ailox in actions/dependency-review-action#855
• To not print OpenSSF Scorecard section if no dependencies scanned by @​fabasoad in actions/dependency-review-action#884
• Improve usage of this action in dependency-review.yml by @​fabasoad in actions/dependency-review-action#883
• Clarify comment-summary-in-pr behaviour by @​Pantelis-Santorinios in actions/dependency-review-action#902
• Prepare 4.6.0 Release candidate by @​brrygrdn in actions/dependency-review-action#910

New Contributors

• @​AshelyTC made their first contribution in actions/dependency-review-action#891
• @​ellenfieldn made their first contribution in actions/dependency-review-action#888

... (truncated)

Commits

• 595b5ae Update package version (#975)
• fc5fd66 Claire153/fix spamming mentioned issue (#974)
• d38d1a4 Merge pull request #965 from actions/dependabot/npm_and_yarn/multi-c22e25d29b
• 8d420b8 Merge branch 'main' into dependabot/npm_and_yarn/multi-c22e25d29b
• bde0129 Merge pull request #966 from actions/ashelytc/add-permissions
• ab52490 remove ruby
• ef00a0a add permissions to workflows
• 74c8179 Bump brace-expansion
• bc41886 Cut 4.7.2 version release (#964)
• 1c73553 Merge pull request #960 from ahpook/ahpook/address-docs-dashes
• Additional commits viewable in compare view

Updates reviewdog/action-tflint from 1.23.2 to 1.25.0

Release notes

Sourced from reviewdog/action-tflint's releases.

Release v1.25.0

What's Changed

• chore(deps): update reviewdog/action-misspell action to v1.26.2 by @​renovate[bot] in reviewdog/action-tflint#105
• chore(deps): update reviewdog/action-depup action to v1.6.4 by @​renovate[bot] in reviewdog/action-tflint#104
• chore(deps): update reviewdog/action-misspell action to v1.26.3 by @​renovate[bot] in reviewdog/action-tflint#106
• README: Pin GitHub Actions with commit SHA using pinact by @​haya14busa in reviewdog/action-tflint#108
• chore(deps): update reviewdog/reviewdog to 0.21.0 by @​github-actions[bot] in reviewdog/action-tflint#101

Full Changelog: reviewdog/action-tflint@v1.24.2...v1.25.0

Release v1.24.2

What's Changed

• Pin reviewdog install script version with commit SHA by @​haya14busa in reviewdog/action-tflint#103

Full Changelog: reviewdog/action-tflint@v1.24.1...v1.24.2

Release v1.24.1

What's Changed

• Pin GitHub Actions with commit SHA using pinact by @​haya14busa in reviewdog/action-tflint#102

Full Changelog: reviewdog/action-tflint@v1.24.0...v1.24.1

Release v1.24.0

What's Changed

• docs(README): add documents about input parameters by @​rinx in reviewdog/action-tflint#98
• README: Fix CI status badges by @​massongit in reviewdog/action-tflint#92
• Update reviewdog and add fail_level and deduplicate fail_on_error by @​massongit in reviewdog/action-tflint#100

New Contributors

• @​rinx made their first contribution in reviewdog/action-tflint#98

Full Changelog: reviewdog/action-tflint@v1.23.2...v1.24.0

Commits

• 54a5e5a chore(deps): update reviewdog/reviewdog to 0.21.0 (#101)
• 92ecd5b README: Pin GitHub Actions with commit SHA using pinact (#108)
• 4e022bb chore(deps): update reviewdog/action-misspell action to v1.26.3 (#106)
• 1848510 chore(deps): update reviewdog/action-depup action to v1.6.4 (#104)
• f1101e4 chore(deps): update reviewdog/action-misspell action to v1.26.2 (#105)
• 41b4770 Pin reviewdog install script version with commit SHA (#103)
• 7b57187 Pin GitHub Actions with commit SHA using pinact (#102)
• f17a66a Update reviewdog and add fail_level and deduplicate fail_on_error (#100)
• f9cb738 README: Fix CI status badges (#92)
• b61e666 docs(README): add documents about input parameters (#98)
• See full diff in compare view

Updates reviewdog/action-trivy from 1.11.3 to 1.14.0

Release notes

Sourced from reviewdog/action-trivy's releases.

Release v1.14.0

v1.14.0: PR #104 - chore(deps): update reviewdog to 0.21.0

Release v1.13.10

v1.13.10: PR #82 - Pin reviewdog install script version with commit SHA

Release v1.13.9

v1.13.9: PR #81 - Pin GitHub Actions with commit SHA using pinact

Release v1.13.8

v1.13.8: PR #79 - chore(deps): update terraform aws to ~> 5.90.0

Release v1.13.7

v1.13.7: PR #78 - chore(deps): update terraform aws to ~> 5.89.0

Release v1.13.5

v1.13.5: PR #77 - chore(deps): update terraform aws to ~> 5.84.0

Release v1.13.4

v1.13.4: PR #72 - Support reviewdog command line argument changes (--fail-level)

Release v1.13.3

v1.13.3: PR #75 - chore(deps): update terraform aws to ~> 5.83.0

Release v1.13.2

v1.13.2: PR #71 - chore(deps): update terraform aws to ~> 5.82.0

Release v1.13.1

v1.13.1: PR #69 - chore(deps): update terraform aws to ~> 5.81.0

Release v1.13.0

v1.13.0: PR #67 - chore(deps): update reviewdog to 0.20.3

Release v1.12.6

v1.12.6: PR #68 - chore(deps): update terraform aws to ~> 5.80.0

Release v1.12.5

v1.12.5: PR #66 - chore(deps): update terraform aws to ~> 5.79.0

Release v1.12.4

v1.12.4: PR #65 - chore(deps): update terraform aws to ~> 5.78.0

Release v1.12.3

v1.12.3: PR #62 - chore(deps): update terraform aws to ~> 5.77.0

Release v1.12.2

v1.12.2: PR #63 - Support for aarch64 architecture (which is equivalent to arm64)

Release v1.12.1

v1.12.1: PR #58 - chore(deps): update terraform aws to ~> 5.72.0

... (truncated)

Commits

• a1e6d7d Merge pull request #104 from reviewdog/depup/reviewdog
• 20b6816 chore(deps): update reviewdog to 0.21.0
• a1a479d Merge pull request #94 from reviewdog/renovate/azurerm-4.x
• 7a02290 chore(deps): update terraform azurerm to ~> 4.26.0
• 590ac69 Merge pull request #93 from reviewdog/renovate/aws-5.x
• f895ad5 chore(deps): update terraform aws to ~> 5.94.0
• 5392bcc Merge pull request #92 from reviewdog/renovate/azurerm-4.x
• 0e5f775 chore(deps): update terraform azurerm to ~> 4.25.0
• 90be6ba Merge pull request #91 from reviewdog/renovate/aws-5.x
• 536d9aa chore(deps): update terraform aws to ~> 5.93.0
• Additional commits viewable in compare view

Updates reviewdog/action-golangci-lint from 2.6.2 to 2.8.0

Release notes

Sourced from reviewdog/action-golangci-lint's releases.

Release v2.8.0

v2.8.0: PR #779 - fix: migrate to golangci-lint v2

Release v2.7.2

What's Changed

• chore(deps): update reviewdog/action-actionlint action to v1.65.2 by @​renovate in reviewdog/action-golangci-lint#769
• chore(deps): update reviewdog/action-eslint action to v1.33.2 by @​renovate in reviewdog/action-golangci-lint#770
• README: Pin GitHub Actions with commit SHA using pinact by @​haya14busa in reviewdog/action-golangci-lint#771
• chore(deps): update github/codeql-action action to v3.28.12 by @​renovate in reviewdog/action-golangci-lint#772
• chore(deps): update dependency @​types/node to v20.17.24 by @​renovate in reviewdog/action-golangci-lint#762
• chore(deps): update dependency @​types/node to v20.17.25 by @​renovate in reviewdog/action-golangci-lint#773
• chore(deps): update dependency prettier to v3.5.3 by @​renovate in reviewdog/action-golangci-lint#764
• chore(deps): update dependency ts-jest to v29.2.6 by @​renovate in reviewdog/action-golangci-lint#766
• chore(deps): update dependency typescript to v5.8.2 by @​renovate in reviewdog/action-golangci-lint#767
• chore(deps): update dependency @​types/node to v20.17.26 by @​renovate in reviewdog/action-golangci-lint#774
• chore(deps): update dependency ts-jest to v29.3.0 by @​renovate in reviewdog/action-golangci-lint#775
• fix(deps): update dependency semver to v7.7.1 by @​renovate in reviewdog/action-golangci-lint#763
• fix(deps): update dependency @​actions/cache to v4.0.3 by @​renovate in reviewdog/action-golangci-lint#765
• Bump undici from 5.28.4 to 5.29.0 by @​dependabot in reviewdog/action-golangci-lint#776

Full Changelog: reviewdog/action-golangci-lint@v2.7.1...v2.7.2

Release v2.7.1

v2.7.1: PR #768 - Pin GitHub Actions with commit SHA using pinact

Release v2.7.0

v2.7.0: PR #754 - Add fail_level and deduplicate fail_on_error

Commits

• f9bba13 Merge pull request #779 from pranc1ngpegasus/fix/migrate-to-golangci-lint-v2
• 5a4f816 fix: github actions
• 110d7c1 chore: generate source-map
• cbecd11 feat: add test
• 44ac2b8 fix: migrate to golangci-lint v2
• c6764e1 Merge pull request #778 from reviewdog/renovate/node-20.x-lockfile
• b96f60d chore(deps): update dependency @​types/node to v20.17.27
• adbc694 Merge pull request #777 from reviewdog/bump-actions-in-readme
• 0d87359 pinact run --update README.md
• 3dfdce2 Merge pull request #776 from reviewdog/dependabot/npm_and_yarn/undici-5.29.0
• Additional commits viewable in compare view

Updates reviewdog/action-misspell from 1.23.0 to 1.26.3

Release notes

Sourced from reviewdog/action-misspell's releases.

Release v1.26.3

What's Changed

• Pin reviewdog install script version with commit SHA by @​haya14busa in reviewdog/action-misspell#79

Full Changelog: reviewdog/action-misspell@v1.26.2...v1.26.3

Release v1.26.2

What's Changed

• Pin GitHub Actions with commit SHA using pinact by @​haya14busa in reviewdog/action-misspell#78

Full Changelog: reviewdog/action-misspell@v1.26.1...v1.26.2

Release v1.26.1

What's Changed

• chore(deps): update peter-evans/create-pull-request action to v7 by @​renovate in reviewdog/action-misspell#73

Full Changelog: reviewdog/action-misspell@v1.26.0...v1.26.1

Release v1.26.0

What's Changed

• chore(deps): update reviewdog to 0.20.3 by @​github-actions in reviewdog/action-misspell#76

Full Changelog: reviewdog/action-misspell@v1.25.0...v1.26.0

Release v1.25.0

What's Changed

• Add fail_level and deduplicate fail_on_error by @​massongit in reviewdog/action-misspell#75

Full Changelog: reviewdog/action-misspell@v1.24.0...v1.25.0

Release v1.24.0

What's Changed

• chore(deps): update reviewdog to 0.20.2 by @​github-actions in reviewdog/action-misspell#74

Full Changelog: reviewdog/action-misspell@v1.23.0...v1.24.0

Commits

• 9daa94a Merge pull request #79 from reviewdog/pin-install-script-ver
• 21691a4 Pin reviewdog install script version with commit SHA
• 8494bbc Merge pull request #78 from reviewdog/pinact-action-misspell
• 53419db Pin GitHub Actions with commit SHA using pinact
• 18ffb61 Merge pull request #73 from reviewdog/renovate/peter-evans-create-pull-reques...
• b277a94 Merge pull request #76 from reviewdog/depup/reviewdog
• 364a050 chore(deps): update reviewdog to 0.20.3
• 6dbb2a0 Merge pull request #75 from reviewdog/add_fail_level
• c60dcb0 Add line break
• bb00978 Merge branch 'master' into add_fail_level
• Additional commits viewable in compare view

Updates reviewdog/action-alex from 1.13.0 to 1.16.0

Release notes

Sourced from reviewdog/action-alex's releases.

Release v1.16.0

What's Changed

• chore(deps): update reviewdog to 0.20.3 by @​github-actions in reviewdog/action-alex#45

Full Changelog: reviewdog/action-alex@v1.15.4...v1.16.0

Release v1.15.4

What's Changed

• chore(deps): update reviewdog/action-shellcheck action to v1.29.2 by @​renovate in reviewdog/action-alex#41
• chore(deps): update reviewdog/action-misspell action to v1.26.2 by @​renovate in reviewdog/action-alex#40
• chore(deps): update reviewdog/action-hadolint action to v1.50.1 by @​renovate in reviewdog/action-alex#39
• chore(deps): update haya14busa/action-depup action to v1.6.4 by @​renovate in reviewdog/action-alex#38
• chore(deps): update reviewdog/action-misspell action to v1.26.3 by @​renovate in reviewdog/action-alex#43
• chore(deps): update reviewdog/action-hadolint action to v1.50.2 by @​renovate in reviewdog/action-alex#42
• chore(deps): update peter-evans/create-pull-request action to v7 by @​renovate in reviewdog/action-alex#32
• chore(deps): update reviewdog/action-shellcheck action to v1.29.3 by @​renovate in reviewdog/action-alex#44

Full Changelog: reviewdog/action-alex@v1.15.3...v1.15.4

Release v1.15.3

What's Changed

• Pin reviewdog install script version with commit SHA by @​haya14busa in reviewdog/action-alex#37

Full Changelog: reviewdog/action-alex@v1.15.2...v1.15.3

Release v1.15.2

What's Changed

• chore(deps): update haya14busa/action-depup action to v1.6.3 by @​renovate in reviewdog/action-alex#36

Full Changelog: reviewdog/action-alex@v1.15.1...v1.15.2

Release v1.15.1

What's Changed

• Pin GitHub Actions with commit SHA using pinact by @​haya14busa in reviewdog/action-alex#35

Full Changelog: reviewdog/action-alex@v1.15.0...v1.15.1

Release v1.15.0

What's Changed

• Add fail_level and deduplicate fail_on_error by @​massongit in reviewdog/action-alex#34

New Contributors

• @​massongit made their first contribution in reviewdog/action-alex#34

Full Changelog: reviewdog/action-alex@v1.14.0...v1.15.0

... (truncated)

Commits

• 6083b8c Merge pull request #45 from reviewdog/depup/reviewdog
• c0ca67b chore(deps): update reviewdog to 0.20.3
• d623036 Merge pull request #44 from reviewdog/renovate/reviewdog-action-shellcheck-1.x
• ab7cc67 Merge pull request

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

💰 Infracost report

Monthly estimate generated

_{This comment will be updated when code changes.}

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
actions/actions/checkout	08c6903cd8c0fde910a37f88322edcfb5dd907a8	🟢 6.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/actions/dependency-review-action	595b5aeba73380359d98a5e087f648dbb0edce1b	🟢 7.9	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 9 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
actions/step-security/harden-runner	ec9f2d5744a09debf3a187a3f4f675c53b671911	🟢 8.5	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 7 out of 7 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 6 project has 2 contributing companies or organizations -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 13 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 8 2 existing vulnerabilities detected
actions/actions/checkout	08c6903cd8c0fde910a37f88322edcfb5dd907a8	🟢 6.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/actions/checkout	08c6903cd8c0fde910a37f88322edcfb5dd907a8	🟢 6.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/reviewdog/action-actionlint	95395aac8c053577d0bc67eb7b74936c660c6f66	🟢 4.9	Details Check Score Reason Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 1 Found 1/6 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/reviewdog/action-alex	6083b8ca333981fa617c6828c5d8fb21b13d916b	🟢 4.1	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 2 Found 1/4 approved changesets -- score normalized to 2 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/reviewdog/action-golangci-lint	f9bba13753278f6a73b27a56a3ffb1bfda90ed71	🟢 5.1	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 5 5 existing vulnerabilities detected
actions/reviewdog/action-markdownlint	3667398db9118d7e78f7a63d10e26ce454ba5f58	🟢 4.1	Details Check Score Reason Code-Review ⚠️ 2 Found 1/5 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/reviewdog/action-misspell	9daa94af4357dddb6fd3775de806bc0a8e98d3e4	🟢 4.3	Details Check Score Reason Code-Review 🟢 5 Found 3/6 approved changesets -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/reviewdog/action-tflint	54a5e5aed57dcfbb4662ec548de876df33d6288d	🟢 5.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 13/16 approved changesets -- score normalized to 8 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/reviewdog/action-trivy	a1e6d7dd5520369c076d7ce639a16442938535d8	🟢 3.3	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review ⚠️ 0 Found 0/3 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected
actions/step-security/harden-runner	ec9f2d5744a09debf3a187a3f4f675c53b671911	🟢 8.5	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 7 out of 7 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 6 project has 2 contributing companies or organizations -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 13 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 8 2 existing vulnerabilities detected
actions/actions/labeler	634933edcd8ababfe52f92936142cc22ac488b1b	🟢 5.3	Details Check Score Reason Maintained 🟢 3 3 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 3 Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ 1 branch protection is not maximal on development and all release branches SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6 Vulnerabilities 🟢 6 4 existing vulnerabilities detected
actions/step-security/harden-runner	ec9f2d5744a09debf3a187a3f4f675c53b671911	🟢 8.5	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 7 out of 7 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 6 project has 2 contributing companies or organizations -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 13 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 8 2 existing vulnerabilities detected
actions/actions/checkout	08c6903cd8c0fde910a37f88322edcfb5dd907a8	🟢 6.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/mikepenz/release-changelog-builder-action	c9dc8369bccbc41e0ac887f8fd674f5925d315f7	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 0/4 approved changesets -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/softprops/action-gh-release	6cbd405e2c4e67a21c47fa9e383d020e4e28b836	🟢 5.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 2 Found 4/16 approved changesets -- score normalized to 2 Maintained 🟢 10 22 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/step-security/harden-runner	ec9f2d5744a09debf3a187a3f4f675c53b671911	🟢 8.5	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 7 out of 7 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 6 project has 2 contributing companies or organizations -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 13 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 8 2 existing vulnerabilities detected
actions/actions/checkout	08c6903cd8c0fde910a37f88322edcfb5dd907a8	🟢 6.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/actions/upload-artifact	ea165f8d65b6e75b540449e92b4886f43607fa02	🟢 4.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
actions/github/codeql-action/upload-sarif	f1f6e5f6af878fb37288ce1c627459e94dbf7d01	Unknown	Unknown
actions/ossf/scorecard-action	05b42c624433fc40578a4040d5cf5e36ddca8cde	🟢 9.1	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 17 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 License 🟢 10 license file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 16 contributing companies or organizations
actions/step-security/harden-runner	ec9f2d5744a09debf3a187a3f4f675c53b671911	🟢 8.5	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 7 out of 7 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 6 project has 2 contributing companies or organizations -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 13 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 8 2 existing vulnerabilities detected
actions/actions/checkout	08c6903cd8c0fde910a37f88322edcfb5dd907a8	🟢 6.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/actions/setup-go	44694675825211faa026b3c33043df3e48a5fa00	🟢 6.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 6 8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/aws-actions/configure-aws-credentials	a03048d87541d1d9fcf2ecf528a4a65ba9bd7838	🟢 6.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 6 Found 12/19 approved changesets -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/step-security/harden-runner	ec9f2d5744a09debf3a187a3f4f675c53b671911	🟢 8.5	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 7 out of 7 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 6 project has 2 contributing companies or organizations -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 13 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 8 2 existing vulnerabilities detected

Scanned Files

• .github/workflows/dependency-review.yml
• .github/workflows/infracost.yml
• .github/workflows/lint.yml
• .github/workflows/pr-label.yml
• .github/workflows/release.yml
• .github/workflows/scorecard.yml
• .github/workflows/test.yml

[deepsource-io]

Here's the code health analysis summary for commits d32dc77..e829aa3. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
Secrets	✅ Success		View Check ↗
Terraform	✅ Success		View Check ↗
Go	✅ Success		View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.