FoveaCentral / vaccinesignup / 19251247418
95%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 10
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 94.697%. Remained the same
19251247418

push

github

web-flow 
[StepSecurity] Apply security best practices (#605)

## Summary

This pull request is created by
[StepSecurity](https://app.stepsecurity.io/securerepo) at the request of
@ivanoblomov. Please merge the Pull Request to incorporate the requested
changes. Please tag @ivanoblomov on your message if you have any
questions related to the PR.
## Security Fixes

### Pinned Dependencies

GitHub Action tags and Docker tags are mutable. This poses a security
risk. GitHub's Security Hardening guide recommends pinning actions to
full length commit.

- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)
### Harden Runner

[Harden-Runner](https://github.com/step-security/harden-runner) is an
open-source security agent for the GitHub-hosted runner to prevent
software supply chain attacks. It prevents exfiltration of credentials,
detects tampering of source code during build, and enables running jobs
without `sudo` access. See how popular open-source projects use
Harden-Runner
[here](https://docs.stepsecurity.io/whos-using-harden-runner).

<details>
<summary>Harden runner usage</summary>

You can find link to view insights and policy recommendation in the
build log

<img
src="https://github.com/step-security/harden-runner/blob/main/images/buildlog1.png?raw=true"
width="60%" height="60%">

Please refer to
[documentation](https://docs.stepsecurity.io/harden-runner) to find more
details.
</details>

### Keeping your actions up to date with Dependabot

With Dependabot version updates, when Dependabot identifies an outdated
dependency, it raises a pull request to update the manifest to the
latest version of the dependency. This is recommended by GitHub as well
as The Open Source Security Foundation (OpenSSF).

- [GitHub Security
Guide](https://d... (continued)

125 of 132 relevant lines covered (94.7%)

11.86 hits per line

Jobs
ID Job ID Ran Files Coverage
1 19251247418.1 20
94.7
 GitHub Action Run
Source Files on build 19251247418