fix Scorecard findings: permissions and pinned dependencies#93

Merged
iicky merged 3 commits into main from fix/scorecard-findings on Mar 29, 2026

Conversation

@iicky iicky commented Mar 29, 2026

Owner
  • Add permissions: read-all to ci, release, codeql, python, node workflows
  • Pin github/codeql-action to full SHA
  • Add LICENSE pointer file for badge detection
  • Add OpenSSF Best Practices badge to README
  • Add SLSA Level 2 badge and document provenance in THREAT_MODEL
  • Extend vulnerability response SLA from 7 to 14 days
  • Require tests for new features (should → must) in CONTRIBUTING
  • Add DCO reference to CONTRIBUTING
  • Add ROADMAP.md (near-term, someday, non-goals)
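The first two items in the description above are the two Scorecard findings most often flagged on GitHub Actions workflows: a workflow without a top-level `permissions:` block (so `GITHUB_TOKEN` keeps whatever default scope the repository grants) and an action referenced by a mutable tag such as `@v3` instead of an immutable commit SHA. The following checker is an added example, not code from this project or from the Scorecard tool. It scans workflow text for both conditions the way a pre-merge lint would; the two sample workflows are constructed here, and the 40-hex SHAs in the hardened one are placeholders, not the real commits for those actions.

```python
import re

# Constructed sample: the "before" shape the PR description is fixing.
# No top-level permissions block; both actions referenced by mutable tags.
WEAK_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
      - run: make test
"""

# Constructed sample: the "after" shape. read-all for the token, every remote
# action pinned to a full commit SHA. The SHAs are PLACEHOLDERS, not real pins;
# the trailing comment records the tag the SHA is meant to correspond to.
HARDENED_WORKFLOW = """\
name: ci
on: [push, pull_request]
permissions: read-all
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4 (placeholder)
      - uses: github/codeql-action/init@1111111111111111111111111111111111111111 # v3 (placeholder)
      - run: make test
"""

# A `uses:` step reference, e.g. `actions/checkout@v4`; stops at whitespace or a comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
# Full 40-hex commit SHA: the only ref form that cannot be retargeted after the fact.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Workflow-level `permissions:` key at column 0 (Scorecard's Token-Permissions check
# looks here first; job-level blocks are a separate, lower-severity case).
TOP_PERMS_RE = re.compile(r"^permissions:", re.MULTILINE)


def find_unpinned_actions(workflow_text: str) -> list[str]:
    """Return each remote action reference whose ref is not an immutable pin."""
    unpinned = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./"):
            continue  # local composite action inside the repo: nothing to pin
        if ref.startswith("docker://"):
            if "@sha256:" not in ref:
                unpinned.append(ref)  # image tag without a digest
            continue
        if "@" not in ref:
            unpinned.append(ref)  # no ref at all, resolves to the default branch
            continue
        _, version = ref.rsplit("@", 1)
        if not SHA_RE.match(version):
            unpinned.append(ref)  # tag or branch name: mutable
    return unpinned


def has_top_level_permissions(workflow_text: str) -> bool:
    """True when the workflow sets GITHUB_TOKEN scope at the top level."""
    return TOP_PERMS_RE.search(workflow_text) is not None


def audit_workflow(workflow_text: str) -> dict:
    """Collect both classes of finding for one workflow file's text."""
    findings = []
    if not has_top_level_permissions(workflow_text):
        findings.append("no top-level permissions: block; GITHUB_TOKEN keeps the repository default scope")
    for ref in find_unpinned_actions(workflow_text):
        findings.append(f"action not pinned to a commit SHA: {ref}")
    return {"findings": findings, "ok": not findings}


if __name__ == "__main__":
    for label, text in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        result = audit_workflow(text)
        print(f"{label}: {'ok' if result['ok'] else 'findings'}")
        for f in result["findings"]:
            print("  -", f)
```

Run against the weak sample it reports three findings (missing permissions block, two unpinned actions); against the hardened sample it reports none. When pinning for real, keep the `# vN` comment next to each SHA: Dependabot and Renovate use it to know which release a pin tracks, so the pins are updated rather than silently left behind.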

codecov Bot commented Mar 29, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 51.41%. Comparing base (bae353d) to head (fb127ee).
⚠️ Report is 4 commits behind head on main.
✅ All tests successful. No failed tests found.


@iicky iicky enabled auto-merge March 29, 2026 03:07
@iicky iicky merged commit 96f92c0 into main Mar 29, 2026
31 checks passed
@iicky iicky deleted the fix/scorecard-findings branch March 29, 2026 03:08