
@wallies wallies commented May 10, 2022

Summary

Ran the .github workflows through https://app.stepsecurity.io/ as per the ossf docs at https://github.com/ossf/scorecard/blob/main/docs/checks.md. Also added the ossf scorecard, but it can also easily be added via https://github.com/marketplace/actions/ossf-scorecard-action; it also needs a PAT, as explained in the docs.

Here is an example run from ossf scorecard https://app.stepsecurity.io/github/ossf/scorecard/actions/runs/2260401753.
If you add the detected endpoints, you can then turn on block mode if you wish and guarantee nothing will be added to the CI flow.
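The audit-then-block flow described above, as an added illustration (not the workflow from this PR or from sigstore-python itself): one job shows harden-runner in audit mode with the block-mode form it becomes once the observed endpoints are listed, and a second job runs the scorecard action with an admin-provided PAT secret. Action versions, the `SCORECARD_TOKEN` secret name and the listed endpoints are placeholders, not values from the PR.

```yaml
# Added example, not the PR's own workflow. Pin every action to a full commit
# SHA in practice (scorecard's Pinned-Dependencies check flags tag pins).
name: ci
on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read   # least privilege for the default GITHUB_TOKEN

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # Audit mode: every outbound connection is logged in the run summary
      # but nothing is blocked. Use it to collect the endpoints the job needs.
      - uses: step-security/harden-runner@<pinned-sha>   # placeholder pin
        with:
          egress-policy: audit
      # Block mode: once the audited endpoints are known, list them and
      # switch the step above to this form. Any outbound call not on the
      # list (e.g. from a tampered dependency or action) is denied and
      # reported, which is the "nothing added to the CI flow" guarantee.
      #   egress-policy: block
      #   allowed-endpoints: >
      #     api.github.com:443
      #     github.com:443
      #     pypi.org:443
      #     files.pythonhosted.org:443
      - uses: actions/checkout@<pinned-sha>              # placeholder pin
      - run: make test

  scorecard:
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # upload the SARIF results
      id-token: write          # required to publish results
    steps:
      - uses: actions/checkout@<pinned-sha>
        with:
          persist-credentials: false   # do not leave the token on disk
      - uses: ossf/scorecard-action@<pinned-sha>
        with:
          results_file: results.sarif
          results_format: sarif
          # PAT created by a repo admin (as discussed in this PR) and stored
          # as a repository secret; the secret name here is a placeholder.
          repo_token: ${{ secrets.SCORECARD_TOKEN }}
          publish_results: true
```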

@wallies wallies force-pushed the stepsecurity-harden branch from 970ead3 to 2346410 Compare May 10, 2022 06:25
@woodruffw woodruffw self-assigned this May 10, 2022
@woodruffw woodruffw added qa quality assurance component:cicd CI/CD labels May 10, 2022
@wallies wallies force-pushed the stepsecurity-harden branch from ee04dba to 5a14834 Compare May 11, 2022 22:07
@wallies wallies requested a review from woodruffw May 11, 2022 22:07
woodruffw previously approved these changes May 11, 2022
@woodruffw woodruffw left a comment

LGTM, thanks! I'll make the PAT and then merge.

@woodruffw
...or not: looks like one of the repo admins will need to do it (in which case it should be their PAT, not mine).

@di di merged commit c9b177b into sigstore:main May 12, 2022
javanlacerda pushed a commit to javanlacerda/sigstore-python that referenced this pull request Feb 23, 2024