Merge remote-tracking branch 'origin/main'

devsecopsmaturitymodel · Nov 10, 2023 · f1444f9 · f1444f9
2 parents a224547 + fd1ff05
commit f1444f9
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,10 @@
+# [1.5.0](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data/compare/v1.4.0...v1.5.0) (2023-11-10)
+
+
+### Features
+
+* enhance signing description ([1914f4c](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data/commit/1914f4c831ea98c87dbb396fc91bbaf479de58e7))
+
 # [1.4.0](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data/compare/v1.3.0...v1.4.0) (2023-11-10)
 
 

diff --git a/src/assets/YAML/generated/generated.yaml b/src/assets/YAML/generated/generated.yaml
@@ -185,14 +185,16 @@ Build and Deployment:
         or container images.
       measure: Digitally signing artifacts for all steps during the build and especially
         docker images, helps to ensure their integrity and authenticity.
-      description: "## Github\nYou need to be authenticated to perform a push to a
-        Github repository. Github doesn't check if the authenticated user and the
+      description: "### Github\nYou need to be authenticated to perform a push to
+        a Github repository. Github doesn't check if the authenticated user and the
         mail address in the commit corresponds. \nTo highlight to reviewers who performed
         a commit, signing is needed.\nBe aware that github actions like [semantic-release-action](https://github.com/cycjimmy/semantic-release-action)
         will not sign commits and will fail. You find an example working configuration
         to use semantic release action together with [planetscale/ghcommit-action](https://github.com/planetscale/ghcommit-action)
         in the [workflow folder](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel/blob/master/.github/workflows/main.yml)
-        of DSOMM.\n"
+        of DSOMM.\nYou might want to utilize [Fine-grained personal access tokens](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/)
+        from your organization for a specific repository and put the Personal Access
+        Token (PAT) as secret into the project.\n"
       difficultyOfImplementation:
         knowledge: 2
         time: 2