make critical (#1348)

This commit is contained in:
laurentsimon 2021-12-03 09:55:54 -08:00 committed by GitHub
parent 45b5a35020
commit b8d7a6b722
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions

View File

@ -357,7 +357,7 @@ CI-Tests | Does the project run tests in CI, e.g. [GitHub Act
CII-Best-Practices | Does the project have a [CII Best Practices Badge](https://bestpractices.coreinfrastructure.org/en)?
Code-Review | Does the project require code review before code is merged?
Contributors | Does the project have contributors from at least two different organizations?
Dangerous-Workflow | Does the project have GitHub Action workflows avoid dangerous patterns?
Dangerous-Workflow | Does the project avoid dangerous coding patterns in GitHub Action workflows?
Dependency-Update-Tool | Does the project use tools to help update its dependencies?
Fuzzing | Does the project use fuzzing tools, e.g. [OSS-Fuzz](https://github.com/google/oss-fuzz)?
Maintained | Is the project maintained?

View File

@ -657,7 +657,7 @@ checks:
on <https://osv.dev>.
Dangerous-Workflow:
risk: High
risk: Critical
tags: supply-chain, security, infrastructure
repos: GitHub, local
short: Determines if the project's GitHub Action workflows avoid dangerous patterns.