@mhucka mhucka commented Nov 9, 2025

This configuration file tells the scanner to ignore unpinned dependencies in the CI workflows. They are a known concern and are judged to be relatively low risk for the time being. They will be addressed in future work. Until then, it is not useful to keep seeing the same warnings repeatedly.

@mhucka mhucka requested review from a team and vtomole as code owners November 9, 2025 03:06
@mhucka mhucka requested a review from senecameeks November 9, 2025 03:06
@github-actions github-actions bot added the size: S 10< lines changed <50 label Nov 9, 2025
@mhucka mhucka requested a review from pavoljuhas November 9, 2025 03:07
@mhucka mhucka added kind/health For CI/testing/release process/refactoring/technical debt items area/dependencies labels Nov 9, 2025

codecov bot commented Nov 9, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.38%. Comparing base (1deffd6) to head (949e40b).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7744   +/-   ##
=======================================
  Coverage   99.38%   99.38%           
=======================================
  Files        1091     1091           
  Lines       97919    97919           
=======================================
  Hits        97313    97313           
  Misses        606      606           

@pavoljuhas pavoljuhas left a comment

I don't mind having a reminder we should fix unpinned dependencies.

Can we for now do without yet another config file?

mhucka commented Nov 10, 2025

> I don't mind having a reminder we should fix unpinned dependencies.
>
> Can we for now do without yet another config file?

Sure, that's okay too.

@mhucka mhucka closed this Nov 10, 2025