Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build: pin all dependencies by SHA #1005

Merged
merged 1 commit into from
Jan 13, 2025
Merged

Conversation

pmalek
Copy link
Member

@pmalek pmalek commented Jan 13, 2025

What this PR does / why we need it:

Pin all dependencies (in Dockerfiles) by SHA and run scorecard on CI in tests/ossf-scorecard job.

Which issue this PR fixes

Fixes #

Special notes for your reviewer:

PR Readiness Checklist:

Complete these before marking the PR as ready to review:

  • the CHANGELOG.md release notes have been updated to reflect significant changes

@pmalek pmalek added the area/ci label Jan 13, 2025
@pmalek pmalek force-pushed the ensure-ossf-pinned-dependencies branch 5 times, most recently from b1c23dc to 5fa2ec2 Compare January 13, 2025 13:47
@pmalek pmalek force-pushed the ensure-ossf-pinned-dependencies branch from 5fa2ec2 to 3568b11 Compare January 13, 2025 13:48
@pmalek pmalek self-assigned this Jan 13, 2025
@pmalek pmalek marked this pull request as ready for review January 13, 2025 13:53
@pmalek pmalek requested a review from a team as a code owner January 13, 2025 13:53
@pmalek pmalek enabled auto-merge (squash) January 13, 2025 15:01
@pmalek pmalek merged commit 55425fb into main Jan 13, 2025
24 checks passed
@pmalek pmalek deleted the ensure-ossf-pinned-dependencies branch January 13, 2025 15:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants