mirror of
https://github.com/fluxcd/flux2.git
synced 2026-02-08 00:37:27 +00:00
d0e6fcad3f
The main benefit of pinning GitHub actions is the determinism it brings in terms of what version of a given action will be executed. This is a step towards having hermetic builds. Once pinned to a commit, dependabot will automatically issue PRs to update to newer versions. Pinned versions is the only security metric from OpenSSF scorecard that this repository currently have a zero score. Signed-off-by: Paulo Gomes <paulo.gomes@weave.works> |
||
|---|---|---|
| .. | ||
| aur | ||
| ISSUE_TEMPLATE | ||
| kind | ||
| runners | ||
| workflows | ||
| dependabot.yml | ||