Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds scorecard annotations #6979

Merged
merged 1 commit into from
Sep 13, 2024
Merged

Adds scorecard annotations #6979

merged 1 commit into from
Sep 13, 2024

Conversation

bmuenzenmeyer
Copy link
Collaborator

Description

We've long had scorecard results complain about our workflows, though we have taken direct steps to mitigate them.

The newest version of scorecard introduced within #6957 has an annotation feature that should prevent the warnings and the score decrease.

Validation

https://securityscorecards.dev/viewer/?uri=github.com/nodejs/nodejs.org should improve post-merge

Related Issues

Check List

  • I have read the Contributing Guidelines and made commit messages that follow the guideline.
  • I have run npm run format to ensure the code follows the style guide.
  • I have run npm run test to check if all tests are passing.
  • I have run npx turbo build to check if the website builds without errors.
  • I've covered new added functionality with unit tests if necessary.

@bmuenzenmeyer bmuenzenmeyer requested a review from a team as a code owner August 5, 2024 15:52
@vercel Vercel
Copy link

vercel bot commented Aug 5, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
nodejs-org ✅ Ready (Inspect) Visit Preview Aug 5, 2024 3:52pm

@AugustinMauroy
Copy link
Member

cc @nodejs/security

@UlisesGascon UlisesGascon mentioned this pull request Sep 10, 2024
Merged
5 tasks
@UlisesGascon
Copy link
Member

I didn't saw that error before, but maybe #7034 solve it?

@bmuenzenmeyer bmuenzenmeyer added the github_actions:pull-request Trigger Pull Request Checks label Sep 13, 2024
@github-actions github-actions bot removed the github_actions:pull-request Trigger Pull Request Checks label Sep 13, 2024
@github-actions GitHub Actions
Copy link

Unit Test Coverage Report

Lines Statements Branches Functions
Coverage: 92%
 90.67% (593/654) 76.08% (175/230) 94.57% (122/129)

Unit Test Report

Tests Skipped Failures Errors Time
131 0 💤 0 ❌ 0 🔥 5.352s ⏱️

@ovflowd ovflowd added this pull request to the merge queue Sep 13, 2024
Merged via the queue into main with commit 991be60 Sep 13, 2024
14 checks passed
@ovflowd ovflowd deleted the annotate-scorecard branch September 13, 2024 18:44
@bmuenzenmeyer bmuenzenmeyer mentioned this pull request Sep 21, 2024
Closed
joeeames pushed a commit to joeeames/nodejs.org that referenced this pull request Sep 24, 2024
@bmuenzenmeyer @joeeames
Adds scorecard annotations (nodejs#6979)
a37f1a1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RafaelGSS RafaelGSS RafaelGSS approved these changes

@ovflowd ovflowd ovflowd approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@bmuenzenmeyer @AugustinMauroy @UlisesGascon @ovflowd @RafaelGSS