eterna2 / kest / 24282524813
92%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 53
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 90.962%. Remained the same
24282524813

push

github

web-flow 
security: harden OpenSSF Scorecard posture (2.9 → ~7/10) (#14)

- fix(ci): Dangerous-Workflow — neutralize script injection via github.head_ref
  by routing through env var (HEAD_REF) in preview-site.yml (lines 49, 147)

- fix(ci): Token-Permissions — add explicit permissions blocks to all workflows;
  demote top-level grants to 'contents: read'; push write permissions down to
  individual jobs that actually need them (ci.yml, deploy-site.yml, preview-site.yml)

- feat(ci): add CodeQL SAST workflow (.github/workflows/codeql.yml)
  runs on push/PR/weekly for Python; SHA-pinned actions

- feat(deps): add Dependabot config (.github/dependabot.yml)
  covers GitHub Actions, Cargo, pip, and npm ecosystems (weekly)

- feat(repo): add CODEOWNERS (.github/CODEOWNERS) for codeowner review support

- fix(ci): pin all GitHub Action references to immutable commit SHAs
  across ci.yml, deploy-site.yml, preview-site.yml, release.yml,
  scorecard-analysis.yml, codeql.yml (19 GitHub-owned + 14 third-party actions)

- fix(docker): pin python:3.11-slim base image to digest SHA in Dockerfile

- fix(rust): upgrade pyo3 0.21 → 0.24.2 to resolve RUSTSEC-2025-0020
  (buffer overflow in PyString::from_object) and GHSA-q4gf-8mx6-v5v3
  - update PyBytes::new_bound → PyBytes::new (API change in 0.24)
  - update deprecated to_object → into_pyobject
  - prefix unused _py parameter

- fix(security): update SECURITY.md with clickable GitHub Private
  Vulnerability Reporting link (fixes Scorecard 'no linked content' warning)

All 148 unit tests pass. cargo audit shows 0 vulnerabilities.

2788 of 3065 relevant lines covered (90.96%)

0.91 hits per line

Jobs
ID Job ID Ran Files Coverage
1 24282524813.1 53
90.96
 GitHub Action Run
Source Files on build 24282524813