Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve OSSF Score #1357

Merged
merged 11 commits into from
Dec 27, 2023
Merged

Improve OSSF Score #1357

merged 11 commits into from
Dec 27, 2023

Conversation

mmorel-35
Copy link
Collaborator

@mmorel-35 mmorel-35 commented Dec 27, 2023
edited
Loading

This is related to #829

It provides two new workflows to provide advices in order to improve the security of toolshed and the dependent projects.

It also includes the definition of permissions and the use of sha instead of version.
No worries dependabot is able to update the sha and the version in the comment ;)

Signed-off-by: Matthieu MOREL matthieu.morel35@gmail.com

@mmorel-35
Create codeql.yml
b681e46 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
@mmorel-35
Create scorecard.yml
5b4b844 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
@netlify Netlify
Copy link

netlify bot commented Dec 27, 2023
edited
Loading

Deploy Preview for nifty-bassi-e26446 ready!

Name Link
🔨 Latest commit 7241c8b
🔍 Latest deploy log https://app.netlify.com/sites/nifty-bassi-e26446/deploys/658be6455778f9000823245a
😎 Deploy Preview https://deploy-preview-1357--nifty-bassi-e26446.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@mmorel-35
Improve OSSF score
4826c49 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
@mmorel-35
Merge branch 'main' into security
cd08bf2 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
phlax
phlax reviewed Dec 27, 2023
View reviewed changes
Copy link
Member

@phlax phlax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for working on this @mmorel-35 - nice cleanups/additions

.github/workflows/ci.yml Show resolved Hide resolved
.github/workflows/codeql.yml Outdated Show resolved Hide resolved
.github/workflows/codeql.yml Outdated Show resolved Hide resolved
.github/workflows/codeql.yml Outdated Show resolved Hide resolved
.github/workflows/codeql.yml Outdated Show resolved Hide resolved
.github/workflows/scorecard.yml Outdated Show resolved Hide resolved
mmorel-35 and others added 4 commits December 27, 2023 09:34
@mmorel-35 @phlax
Update .github/workflows/scorecard.yml
aec15e8 
Co-authored-by: phlax <phlax@users.noreply.github.com>
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
@mmorel-35
Update codeql.yml
9f0e8c8 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
@mmorel-35
Update scorecard.yml
3670796 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
@mmorel-35
Update codeql.yml
5cacf44 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
@mmorel-35 mmorel-35 requested a review from phlax December 27, 2023 08:45
@mmorel-35
Update actions.yml
1f2ff45 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
phlax
phlax reviewed Dec 27, 2023
View reviewed changes
Copy link
Member

@phlax phlax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

small nits and then gtm, thanks @mmorel-35

.github/workflows/codeql.yml Outdated Show resolved Hide resolved
.github/workflows/actions.yml Outdated Show resolved Hide resolved
mmorel-35 and others added 2 commits December 27, 2023 09:53
@mmorel-35 @phlax
Update .github/workflows/codeql.yml
926f480 
Co-authored-by: phlax <phlax@users.noreply.github.com>
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
@mmorel-35
Update actions.yml
7241c8b 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
phlax
phlax approved these changes Dec 27, 2023
View reviewed changes
Copy link
Member

@phlax phlax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks @mmorel-35

@phlax phlax merged commit 4c28ebd into envoyproxy:main Dec 27, 2023
22 checks passed
@mmorel-35 mmorel-35 deleted the security branch December 27, 2023 09:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phlax phlax phlax approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mmorel-35 @phlax