Skip to content

ci: refresh standards reusable pins to current HEAD (d7c2271)#58

Merged
hyperpolymath merged 3 commits into
mainfrom
ci/repin-standards-reusables-d7c2271
Jun 27, 2026
Merged

ci: refresh standards reusable pins to current HEAD (d7c2271)#58
hyperpolymath merged 3 commits into
mainfrom
ci/repin-standards-reusables-d7c2271

Conversation

@hyperpolymath

Copy link
Copy Markdown
Owner

Refresh hyperpolymath/standards reusable pins to current main HEAD d7c22711e830e1f383846472f6e9b99debdb201e (carries the actions/cache repair, GITHUB_TOKEN wiring, --exit-zero, and the SD022 scanner compile fix). Mechanical pin refresh; propagation of hyperpolymath/hypatia#464.


Generated by Claude Code

@hyperpolymath
hyperpolymath merged commit b1e4533 into main Jun 27, 2026
1 check passed
@hyperpolymath
hyperpolymath deleted the ci/repin-standards-reusables-d7c2271 branch June 27, 2026 10:59
@github-actions

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/hyperpolymath/standards/.github/workflows/scorecard-reusable.yml d7c22711e830e1f383846472f6e9b99debdb201e 🟢 7.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 30 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 0/27 approved changesets -- score normalized to 0
Dependency-Update-Tool🟢 10update tool detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 8detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 7binaries present in source code
Signed-Releases⚠️ -1no releases found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
License🟢 10license file detected
SAST🟢 9SAST tool detected but not run on all commits
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Vulnerabilities🟢 46 existing vulnerabilities detected
Contributors🟢 6project has 2 contributing companies or organizations -- score normalized to 6
CI-Tests🟢 1027 out of 27 merged PRs checked by a CI test -- score normalized to 10

Scanned Files

  • .github/workflows/scorecard.yml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant