Skip to content

Add SLSA workflow#190

Merged
dorssel merged 1 commit into
mainfrom
add_slsa
Jun 28, 2026
Merged

Add SLSA workflow#190
dorssel merged 1 commit into
mainfrom
add_slsa

Conversation

@dorssel

@dorssel dorssel commented Jun 28, 2026

Copy link
Copy Markdown
Owner

No description provided.

@github-actions

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/checkout 9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 🟢 6.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1016 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
actions/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml f7dd8c54c2067bafc12ca7a55595d5ee9b75204a 🟢 6.6
Details
CheckScoreReason
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Security-Policy🟢 10security policy file detected
Dependency-Update-Tool🟢 10update tool detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
License🟢 10license file detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
CII-Best-Practices🟢 5badge detected: Passing
Signed-Releases🟢 105 out of the last 5 releases have a total of 5 signed artifacts.
SAST🟢 7SAST tool detected but not run on all commits
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 2branch protection is not maximal on development and all release branches
CI-Tests⚠️ 27 out of 28 merged PRs checked by a CI test -- score normalized to 2
Vulnerabilities⚠️ 0143 existing vulnerabilities detected
Contributors🟢 10project has 33 contributing companies or organizations

Scanned Files

  • .github/workflows/slsa.yml

@codecov

codecov Bot commented Jun 28, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (4888ccf) to head (d44cf5f).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff            @@
##              main      #190   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            4         4           
  Lines           81        81           
  Branches        14        14           
=========================================
  Hits            81        81           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

@github-actions

Copy link
Copy Markdown
Contributor

MegaLinter analysis: Success

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 7 0 0 0.07s
✅ ACTION zizmor 7 0 0 1.93s
✅ EDITORCONFIG editorconfig-checker 55 0 0 0.09s
✅ JSON jsonlint 3 0 0 0.12s
✅ JSON prettier 3 0 0 0.52s
✅ JSON v8r 3 0 0 2.93s
✅ MARKDOWN markdownlint 2 0 0 0.77s
✅ MARKDOWN markdown-table-formatter 2 0 0 0.21s
✅ REPOSITORY checkov yes no no 19.34s
✅ REPOSITORY gitleaks yes no no 0.22s
✅ REPOSITORY git_diff yes no no 0.01s
✅ REPOSITORY grype yes no no 51.41s
✅ REPOSITORY osv-scanner yes no no 0.67s
✅ REPOSITORY secretlint yes no no 0.96s
✅ REPOSITORY syft yes no no 3.76s
✅ REPOSITORY trivy-sbom yes no no 4.54s
✅ REPOSITORY trufflehog yes no no 4.39s
✅ XML xmllint 5 0 0 0.36s
✅ YAML prettier 12 0 0 1.42s
✅ YAML v8r 12 0 0 8.65s
✅ YAML yamllint 12 0 0 0.56s

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@dorssel dorssel merged commit f4284ac into main Jun 28, 2026
9 checks passed
@dorssel dorssel deleted the add_slsa branch June 28, 2026 12:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant