mirror of
https://github.com/ossf/scorecard.git
synced 2024-09-17 11:57:12 +03:00
📖 Fixes description for webhook check (#1882)
Signed-off-by: Scott Ford <scott@scottford.io>
This commit is contained in:
parent
0275a94a3f
commit
cd0470403b
@ -421,7 +421,7 @@ Name | Description | Risk Level | Token Req
|
||||
[Signed-Releases](docs/checks.md#signed-releases) | Does the project cryptographically [sign releases](https://wiki.debian.org/Creating%20signed%20GitHub%20releases)? | High | PAT, GITHUB_TOKEN |
|
||||
[Token-Permissions](docs/checks.md#token-permissions) | Does the project declare GitHub workflow tokens as [read only](https://docs.github.com/en/actions/reference/authentication-in-a-workflow)? | High | PAT, GITHUB_TOKEN |
|
||||
[Vulnerabilities](docs/checks.md#vulnerabilities) | Does the project have unfixed vulnerabilities? Uses the [OSV service](https://osv.dev). | High | PAT, GITHUB_TOKEN |
|
||||
[Webhooks](docs/checks.md#webhooks) | Does the project have unfixed vulnerabilities? Uses the [OSV service](https://osv.dev). | High | maintainer PAT (`admin: repo_hook` or `admin> read:repo_hook` [doc](https://docs.github.com/en/rest/webhooks/repo-config#get-a-webhook-configuration-for-a-repository) | EXPERIMENTAL
|
||||
[Webhooks](docs/checks.md#webhooks) | Does the webhook defined in the repository have a token configured to authenticate the origins of requests? | High | maintainer PAT (`admin: repo_hook` or `admin> read:repo_hook` [doc](https://docs.github.com/en/rest/webhooks/repo-config#get-a-webhook-configuration-for-a-repository) | EXPERIMENTAL
|
||||
|
||||
### Detailed Checks Documentation
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user