Is your feature request related to a problem? Please describe.
The scorecard repository has GitHub Actions that can run into script injections: https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#understanding-the-risk-of-script-injections
To mitigate this there is CodeQL to analyze the code. https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-codeql-to-analyze-your-code
Describe the solution you'd like
To enable the CodeQL check for insecure GitHub Actions, the repository needs one JavaScript file, and CodeQL must be configured to analyze JavaScript.
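To make the script-injection risk named in this issue concrete, here is an added example (not part of the original issue, not scorecard's code, and not CodeQL's query): a simplified, line-based check that flags attacker-controllable `${{ ... }}` expressions expanded directly inside `run:` steps. The function name `find_injections`, the sample workflow, and the short list of untrusted contexts are assumptions made for illustration.

```python
import re

# Subset of contexts an outside contributor controls (assumed list, not exhaustive).
UNTRUSTED_CTX = re.compile(
    r"github\.(head_ref\b"
    r"|event\.(issue|pull_request|comment|review|discussion)\.(title|body)\b"
    r"|event\.pull_request\.head\.ref\b)"
)
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")
EXPR = re.compile(r"\$\{\{(.*?)\}\}")

def find_injections(workflow_text):
    """Return (line_number, expression) for untrusted contexts used in run: steps."""
    findings = []
    block_indent = None  # column of the `run` key while inside a block scalar
    for no, line in enumerate(workflow_text.splitlines(), 1):
        shell_text = None
        m = RUN_KEY.match(line)
        if m:
            value = m.group(2)
            if value[:1] in ("|", ">"):      # multi-line script follows
                block_indent = len(m.group(1))
            else:                            # single-line script
                block_indent = None
                shell_text = value
        elif block_indent is not None:
            indent = len(line) - len(line.lstrip())
            if line.strip() and indent <= block_indent:
                block_indent = None          # block scalar ended
            else:
                shell_text = line
        if shell_text:
            for expr in EXPR.findall(shell_text):
                if UNTRUSTED_CTX.search(expr):
                    findings.append((no, expr.strip()))
    return findings

# Constructed sample workflow: line 8 and line 16 expand untrusted input in the
# shell; the "safe" step passes the same value through an environment variable.
SAMPLE = """\
name: triage
on: issues
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - name: unsafe
        run: echo "${{ github.event.issue.title }}"
      - name: safe
        env:
          TITLE: ${{ github.event.issue.title }}
        run: |
          echo "$TITLE"
          echo "${{ github.sha }}"
      - run: |
          git checkout ${{ github.head_ref }}
"""

if __name__ == "__main__":
    for line_no, expr in find_injections(SAMPLE):
        print(f"line {line_no}: untrusted expression in run step: {expr}")
```

The `env:` indirection in the "safe" step is not flagged because the value reaches the shell as a variable rather than being substituted into the script text.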