Add OSSF Scorecard (#6769)

* Create scorecard.yml * Add badge * disable publishing * Add security improvements (#181) * Add OSSF Scorecard (#179) * Create scorecard.yml * Add badge * disable publishing * [StepSecurity] Apply security best practices (#180) * [StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> * Update .pre-commit-config.yaml * Update dependabot.yml * Delete .github/workflows/dependency-review.yml --------- Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: Matthias Mair <code@mjmair.com> --------- Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: StepSecurity Bot <bot@stepsecurity.io> * Update to upstream project * disable shellcheck for now --------- Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
2025-06-14 19:15:41 +00:00 · 2024-03-21 00:11:49 +01:00
parent 309263bf03
commit b46b200101
7 changed files with 130 additions and 4 deletions
--- a/.github/workflows/qc_checks.yaml
+++ b/.github/workflows/qc_checks.yaml
@ -112,7 +112,7 @@ jobs:
          pip install -r docs/requirements.txt
          python docs/ci/check_mkdocs_config.py
      - name: Check Links
-        uses: gaurav-nelson/github-action-markdown-link-check@v1
+        uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1
        with:
          folder-path: docs
          config-file: docs/mlc_config.json
@ -187,12 +187,12 @@ jobs:
              version: ${{ needs.schema.outputs.version }}

            steps:
-              - uses: actions/checkout@v4
+              - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
                with:
                    repository: inventree/schema
                    token: ${{ secrets.SCHEMA_PAT }}
              - name: Download schema artifact
-                uses: actions/download-artifact@v3
+                uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
                with:
                  name: schema.yml
              - name: Move schema to correct location
@ -200,7 +200,7 @@ jobs:
                  echo "Version: $version"
                  mkdir export/${version}
                  mv schema.yml export/${version}/api.yaml
-              - uses: stefanzweifel/git-auto-commit-action@v5
+              - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0
                with:
                  commit_message: "Update API schema for ${version}"