When we patched the CI job to allow checking out git submodules, I
accidentally copy-pasted the wrong workflow yaml file. This made the
nightly scheduled scan use the PR workflow. This workflow does not work
in this setting, and it always just reported green status.
Moving back to consuming the workflow from Google instead of our fork
again, since the PR with the needed changes has been merged upstream.
|
Contains, among other things, stricter validation of osv-scanner.toml
config files. Ignores invalid config files, making their ignores not
ignored.
|
OpenSSF scorecard gives a warning if the security-events permission is
set to write on the top level, therefore moving it to the job level.
|
Based off of Google's example workflow
|