
Conversation

@hdamecharla
Member

This pull request updates dependencies in the .github/workflows/ossf-scoreboard.yml workflow to use newer commit SHAs for both the OSSF Scorecard action and the upload to GitHub's code scanning dashboard. These updates help ensure that the workflow uses the latest bug fixes and improvements from these actions.

Dependency updates:

  • Updated ossf/scorecard-action commit to use version 2.4.3, which may include important bug fixes or improvements.
  • Updated github/codeql-action/upload-sarif commit for the code scanning upload step.
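
The description above pins both actions to commit SHAs rather than mutable tags. The following Python script is added here as an illustration; it is not part of this pull request or of the Azure repository. It scans a workflow's `uses:` lines and reports any reference that is not pinned to a full 40-character commit SHA, which is the property this PR preserves, and also flags pinned references that lack the `# vX.Y.Z` comment tools like Dependabot rely on to keep the pin current. The embedded workflow text is constructed for the example: its SHAs are placeholders, not the commits referenced by the PR, and the step inputs are illustrative.

```python
"""Report unpinned (tag/branch) action references in a GitHub Actions workflow.

Added example; not code from the Azure repository or from the PR. Only the
`owner/repo[/path]@ref` form is inspected; local (`./path`) and `docker://`
references have no `@ref` and are ignored.
"""
import re

# CONSTRUCTED sample workflow. The two 40-hex SHAs are placeholders, NOT the
# real commits this PR pins to; the version comments reuse the versions the
# PR description names.
SAMPLE_WORKFLOW = """\
name: Scorecard supply-chain security
on:
  push:
    branches: [ main ]
permissions: read-all
jobs:
  analysis:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      id-token: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Run analysis
        uses: ossf/scorecard-action@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa # v2.4.3
        with:
          results_file: results.sarif
          results_format: sarif
      - name: Upload to code-scanning
        uses: github/codeql-action/upload-sarif@bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb # v4.31.2
        with:
          sarif_file: results.sarif
"""

# Matches `uses: owner/repo@ref` or `uses: owner/repo/path@ref`, with an
# optional trailing `# comment` (conventionally the human-readable version).
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*(?P<action>[A-Za-z0-9_.\-]+/[A-Za-z0-9_.\-/]+)@(?P<ref>[^\s#]+)"
    r"(?:\s*#\s*(?P<comment>.*))?\s*$"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def check_pins(workflow_text):
    """Return one finding per `uses:` line.

    status is 'pinned' (full SHA plus a version comment),
    'pinned-no-version-comment' (full SHA, no comment), or
    'unpinned' (tag, branch or abbreviated SHA: mutable or ambiguous).
    """
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref, comment = m.group("action"), m.group("ref"), m.group("comment")
        if FULL_SHA_RE.match(ref):
            status = "pinned" if comment else "pinned-no-version-comment"
        else:
            status = "unpinned"
        findings.append({"line": line_no, "action": action, "ref": ref,
                         "status": status})
    return findings


def unpinned(findings):
    """Subset of findings that a pinned-dependencies check would fail."""
    return [f for f in findings if f["status"] == "unpinned"]


if __name__ == "__main__":
    results = check_pins(SAMPLE_WORKFLOW)
    for f in results:
        print(f"line {f['line']:>3}: {f['status']:<26} {f['action']}@{f['ref']}")
    bad = unpinned(results)
    print(f"{len(bad)} unpinned reference(s)" if bad else "all references pinned")
```

Run it against a real file by reading the workflow into `check_pins` instead of `SAMPLE_WORKFLOW`; in the sample, only `actions/checkout@v4` is reported as unpinned, while the two SHA-pinned steps pass.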

@hdamecharla hdamecharla self-assigned this Nov 4, 2025
@hdamecharla hdamecharla requested a review from a team as a code owner November 4, 2025 11:06
Copilot AI review requested due to automatic review settings November 4, 2025 11:06
@hdamecharla hdamecharla added the dependencies Pull requests that update a dependency file label Nov 4, 2025

Copilot AI left a comment

Pull Request Overview

This PR updates the OSSF Scorecard workflow by upgrading action versions and improving documentation. The changes enhance security supply-chain analysis by ensuring the workflow uses the latest stable versions with verified commit hashes.

  • Upgraded ossf/scorecard-action from v2.4.0 to v2.4.3
  • Updated github/codeql-action/upload-sarif commit hash while maintaining v4.31.2
  • Added clarifying comments for the code scanning upload step

@hdamecharla hdamecharla requested a review from Copilot November 4, 2025 11:18

Copilot AI left a comment

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

@hdamecharla hdamecharla merged commit e7b58ac into Azure:main Nov 4, 2025
20 of 21 checks passed
@hdamecharla hdamecharla deleted the fix/ossf-scorecard-workflow branch November 4, 2025 14:50