Ouranosinc / xclim / 7613329127 / 1
90%
main: 92%

LAST BUILD BRANCH: dev-v099
DEFAULT BRANCH: main
Ran
Files 70
Run time 2s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 89.818% (-0.005%) from 89.823%
7613329127.1

push

github

web-flow 
[StepSecurity] Apply security best practices (#1606)

## Summary

This pull request is created by
[StepSecurity](https://app.stepsecurity.io/securerepo) at the request of
@Zeitsperre. Please merge the Pull Request to incorporate the requested
changes. Please tag @Zeitsperre on your message if you have any
questions related to the PR.
## Security Fixes

### Pinned Dependencies

GitHub Action tags and Docker tags are mutatble. This poses a security
risk. GitHub's Security Hardening guide recommends pinning actions to
full length commit.

- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)
### Keeping your actions up to date with Dependabot

With Dependabot version updates, when Dependabot identifies an outdated
dependency, it raises a pull request to update the manifest to the
latest version of the dependency. This is recommended by GitHub as well
as The Open Source Security Foundation (OpenSSF).

- [GitHub Security
Guide](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool)
### Maintain Code Quality with Pre-Commit

Pre-commit is a framework for managing and maintaining multi-language
pre-commit hooks. Hooks can be any scripts, code, or binaries that run
at any stage of the git workflow. Pre-commit hooks are useful for
enforcing code quality, code formatting, and detecting security
vulnerabilities.

- [Official Pre-commit documentation](https://pre-commit.com/)
- [Getting Started guide](https://pre-commit.com/#getting-started)


## Feedback
For bug reports, featur... (continued)

8592 of 9566 relevant lines covered (89.82%)

0.9 hits per line

Source Files on job run-{{ matrix.tox-env }}-opt-slow - 7613329127.1