I'd like to suggest adding support for scanning GitHub Actions and similar workflows in the vet tool. Given their widespread usage, ensuring their security is crucial, especially for open-source projects.
@UtkarshKher Thanks for the suggestion. It will take some work to do it because the internal data models for vet are specific to handling package dependencies and not general enough to handle something like GHA YAML.
I will explore how this can be supported. It would be great if you could share a bit more information on how you want to use this feature. Feel free to provide an example vet command line demonstrating what this feature should look like from an end-user experience perspective.
@abhisek It could either be part of the whole scan or, rather, we can have an additional option, say -G, to run GitHub action scans. Also, it would be good if it could accept both URLs and directory-level input.