BUG: Unrecognized CI/CDs #4050
Labels
kind/bug
Something isn't working
Comments
|
is this issue intended to organize related issues? Should we use a project board status instead? |
Yes.
Can be, if that's easier for organization. |
|
Added #4075 for Cirrus-CI |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
This bug describes CI/CD tools that repositories may use to perform tests and/or releases. These CI/CDs could be detected by Scorecard when evaluating not only checks such as CI-Tests, Packaging and Signed-Releases, but also, Dangerous-Workflow (as suggested in #3630), Pinned-Dependencies and Token-Permissions.
Reproduction steps
Expected behavior
Scorecard identifies CI/CDs tools other than GitHub Actions when evaluating repository pipelines.
Additional context
This CI Detector gem in Ruby can provide some insights on some CI/CDs used by the community:
https://github.com/ruby/ruby/blob/master/lib/rubygems/ci_detector.rb#L11-L25
The text was updated successfully, but these errors were encountered: