Skip to content

Commit 30e8ef0

Browse files
committed
fix: note about ScoreCards
1 parent 5b07e49 commit 30e8ef0

1 file changed

Lines changed: 2 additions & 1 deletion

File tree

REPOSITORIES.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,8 @@ Central and the current status of the four GitHub Actions workflows we track acr
2424
+ **Java CI**: the main Maven build, including unit tests and static analysis.
2525
+ **CodeQL**: GitHub's semantic code scanning for security vulnerabilities.
2626
+ **Scorecards**: the [OpenSSF Scorecard](https://securityscorecards.dev/) assessment of the repository's
27-
supply-chain security posture.
27+
supply-chain security posture. This workflow only runs against the default branch, so it is marked **N/A** for
28+
secondary branches of components that support multiple lines of development.
2829
+ **Dependency Review**: the pull-request check that flags vulnerable or incompatibly licensed dependency
2930
changes.
3031

0 commit comments

Comments
 (0)