Skip to content

Create scorecard.yml #2888

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 13, 2025
Merged

Create scorecard.yml #2888

merged 3 commits into from
Aug 13, 2025
+78 −0

Conversation

@eamonnmcmanus
Copy link
Member

@eamonnmcmanus eamonnmcmanus commented Aug 13, 2025

Suggested by Google's internal GitHub Security Recommendations.

@eamonnmcmanus
Create scorecard.yml
ba741ca 
Suggested by Google's internal GitHub Security Recommendations.
@eamonnmcmanus eamonnmcmanus requested a review from cpovirk August 13, 2025 18:16
cpovirk
cpovirk approved these changes Aug 13, 2025
View reviewed changes
Copy link
Member

@cpovirk cpovirk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As you might already have surmised, this new file should be covered by your existing Dependabot setup for GitHub Actions, which matches Guava's setup, which has successfully led to PRs like https://github.com/google/guava/pull/7912/files.

github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 13, 2025
View reviewed changes
.github/workflows/scorecard.yml Fixed
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
with:

Check notice

Code scanning / CodeQL

Syntax error Note

could not find expected ':'
Copy link
Member Author

@eamonnmcmanus eamonnmcmanus Aug 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be fixed by latest commit.

Marcono1234
Marcono1234 reviewed Aug 13, 2025
View reviewed changes
@Marcono1234
Copy link
Contributor

Marcono1234 commented Aug 13, 2025

There is also an old PR (#2353) for adding scorecard.yml, which is probably obsolete now.

@eamonnmcmanus
Copy link
Member Author

eamonnmcmanus commented Aug 13, 2025

There is also an old PR (#2353) for adding scorecard.yml, which is probably obsolete now.

That's funny! I have zero recollection of that, even though I apparently created it.

@eamonnmcmanus eamonnmcmanus mentioned this pull request Aug 13, 2025
Closed
9 tasks
@eamonnmcmanus eamonnmcmanus merged commit 9334715 into main Aug 13, 2025
19 checks passed
@eamonnmcmanus eamonnmcmanus deleted the eamonnmcmanus-patch-1 branch August 13, 2025 19:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cpovirk cpovirk cpovirk approved these changes

+1 more reviewer

@Marcono1234 Marcono1234 Marcono1234 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@eamonnmcmanus @Marcono1234 @cpovirk