Add OSSF Scorecard GHA workflow #1244

Merged
rgoldberg merged 4 commits into mas-cli:main from rgoldberg:7.1.0/1243-ossf-scorecard
May 5, 2026

@rgoldberg
Member

Add OSSF Scorecard GHA workflow.

Update dependencies.

Resolve #1243

Signed-off-by: Ross Goldberg <484615+rgoldberg@users.noreply.github.com>
@rgoldberg rgoldberg added this to the 7.1.0 milestone May 5, 2026
@rgoldberg rgoldberg self-assigned this May 5, 2026
@rgoldberg rgoldberg requested a review from a team as a code owner May 5, 2026 10:01
@rgoldberg rgoldberg added the chore (Administrative task: documentation, build, test, release, git, etc.) and dependencies (Update dependencies) labels May 5, 2026
@rgoldberg rgoldberg force-pushed the 7.1.0/1243-ossf-scorecard branch from b88f7a2 to e94276b Compare May 5, 2026 10:03

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request updates the ipsw tool to version 3.1.674 and the swift-json dependency to version 3.3.1. Consequently, several private framework header files have been regenerated to reflect the new ipsw version. Feedback indicates that although the pull request description mentions the addition of an OSSF Scorecard workflow, the corresponding workflow file is missing from the current changes.

Comment thread Package.swift
@rgoldberg rgoldberg force-pushed the 7.1.0/1243-ossf-scorecard branch 2 times, most recently from 42909c7 to 134f1a3 Compare May 5, 2026 10:12
@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@rgoldberg rgoldberg force-pushed the 7.1.0/1243-ossf-scorecard branch 2 times, most recently from 36d8dd7 to 9b2f27e Compare May 5, 2026 13:43
@rgoldberg
Member Author

/gemini review

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request updates the ipsw tool version to 3.1.674 in the Brewfile and regenerates the private framework headers. Additionally, the swift-json dependency is updated to version 3.3.1 in both Package.swift and Package.resolved. I have no feedback to provide.

rgoldberg added 3 commits May 5, 2026 11:02
Signed-off-by: Ross Goldberg <484615+rgoldberg@users.noreply.github.com>
Signed-off-by: Ross Goldberg <484615+rgoldberg@users.noreply.github.com>
Signed-off-by: Ross Goldberg <484615+rgoldberg@users.noreply.github.com>
@rgoldberg rgoldberg force-pushed the 7.1.0/1243-ossf-scorecard branch from 9b2f27e to 76160a3 Compare May 5, 2026 15:03
@sonarqubecloud
sonarqubecloud Bot commented May 5, 2026

@rgoldberg rgoldberg merged commit 3550962 into mas-cli:main May 5, 2026
11 checks passed
@rgoldberg rgoldberg deleted the 7.1.0/1243-ossf-scorecard branch May 5, 2026 17:11