mirror of
https://github.com/ossf/scorecard.git
synced 2024-11-04 03:52:31 +03:00
make critical (#1348)
parent 45b5a35020
commit b8d7a6b722
@ -357,7 +357,7 @@ CI-Tests | Does the project run tests in CI, e.g. [GitHub Act
|
||||
CII-Best-Practices | Does the project have a [CII Best Practices Badge](https://bestpractices.coreinfrastructure.org/en)?
|
||||
Code-Review | Does the project require code review before code is merged?
|
||||
Contributors | Does the project have contributors from at least two different organizations?
|
||||
Dangerous-Workflow | Does the project have GitHub Action workflows avoid dangerous patterns?
|
||||
Dangerous-Workflow | Does the project avoid dangerous coding patterns in GitHub Action workflows?
|
||||
Dependency-Update-Tool | Does the project use tools to help update its dependencies?
|
||||
Fuzzing | Does the project use fuzzing tools, e.g. [OSS-Fuzz](https://github.com/google/oss-fuzz)?
|
||||
Maintained | Is the project maintained?
|
||||
|
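Review bot: In the Dangerous-Workflow row, the product name is GitHub Actions, so "GitHub Action workflows" should read "GitHub Actions workflows". The reworded row also says "dangerous coding patterns", while the `short:` field for the same check in the checks definition still says "dangerous patterns"; pick one wording and use it in both places so the table and the definition do not drift apart.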
@ -657,7 +657,7 @@ checks:
|
||||
on <https://osv.dev>.
|
||||
|
||||
Dangerous-Workflow:
|
||||
risk: High
|
||||
risk: Critical
|
||||
tags: supply-chain, security, infrastructure
|
||||
repos: GitHub, local
|
||||
short: Determines if the project's GitHub Action workflows avoid dangerous patterns.
|
||||
|
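Review bot: The `risk:` value for Dangerous-Workflow goes from High to Critical with no rationale in the visible lines, and the commit subject ("make critical") does not give one either. State why this check warrants Critical, either in the check's description or in the commit message, so readers of the checks definition can see the reason. Also confirm that any documentation listing the check's risk level is updated in the same commit; the table row visible in this patch carries only the name and description.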