Add OSSF Scorecard (#6769)

* Create scorecard.yml * Add badge * disable publishing * Add security improvements (#181) * Add OSSF Scorecard (#179) * Create scorecard.yml * Add badge * disable publishing * [StepSecurity] Apply security best practices (#180) * [StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> * Update .pre-commit-config.yaml * Update dependabot.yml * Delete .github/workflows/dependency-review.yml --------- Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: Matthias Mair <code@mjmair.com> --------- Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: StepSecurity Bot <bot@stepsecurity.io> * Update to upstream project * disable shellcheck for now --------- Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
2025-06-15 03:25:42 +00:00 · 2024-03-21 00:11:49 +01:00
parent 309263bf03
commit b46b200101
7 changed files with 130 additions and 4 deletions
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@ -24,8 +24,14 @@ on:
    branches:
      - 'master'

+permissions:
+  contents: read
+
 jobs:
  paths-filter:
+    permissions:
+      contents: read  # for dorny/paths-filter to fetch a list of changed files
+      pull-requests: read  # for dorny/paths-filter to read pull requests
    name: Filter
    runs-on: ubuntu-latest