-
Notifications
You must be signed in to change notification settings - Fork 463
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
#1830 update scorecard to v5 (gh action 2.4.0) #1890
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please re-base and check the single comments.
Signed-off-by: Nigel Jones <[email protected]>
Signed-off-by: Nigel Jones <[email protected]>
Signed-off-by: Nigel Jones <[email protected]>
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
The notice above relates to the scorecard analysis being available as entries under the 'security' tab. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me. I don't think it's an issue to merge this before we release 0.11.0, since it only touches CI (and even that only minimally), but it would be good to get a second opinion on that.
@SWilson4 though of course I want to get this merged, I'd say leave until after release. It just feels with days to go we should minimize any unncessary changes so seems a good general practice |
Note: Results are published by the openssf team at https://scorecard.dev/viewer/?uri=github.com%2Fopen-quantum-safe%2Fliboqs
Enabling our own scan is recommended by openssf, allows us to enable badges, and permits some tweaking of rules
The current scan results are here
Fixes #1830
n/a
No change to crypto. This is build pipeline only.