Details
- Bug
- Status: In Progress
- Major
- Resolution: Unresolved
- 3.2.1
- None
- None
Description
- The workflow files don't have their token permissions restricted. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
- In some of the workflows, the actions aren't pinned by SHA. https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies
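
A small static check for the two findings above, as an added example (not this project's code and not Scorecard's implementation). It assumes block-style YAML, inspects only the top-level `permissions:` key, and runs on a constructed workflow whose names and SHA are placeholders.

```python
import re
# Constructed sample workflow; the 40-hex ref is a placeholder, not a real commit.
SAMPLE = """\
on: [push]
permissions:
  contents: read
  packages: write
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/setup-tool@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
"""

USES = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^'\"\s#]+)")
PINNED = re.compile(r"@[0-9a-f]{40}$")  # full commit SHA, not a tag or branch

def token_permission_findings(text):
    """Findings for the top-level `permissions:` key (flow-style maps not parsed)."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"permissions:\s*([^#\s]*)", line)  # column 0 only
        if not m:
            continue
        if m.group(1):  # inline form such as read-all, write-all or {}
            return ["top-level permissions is write-all"] if m.group(1) == "write-all" else []
        findings = []
        for sub in lines[i + 1:]:
            if sub.strip() and not sub[0].isspace() and sub[0] != "#":
                break  # next top-level key ends the block
            s = re.match(r"\s+([\w-]+):\s*write\b", sub)
            if s:
                findings.append(f"top-level scope '{s.group(1)}' is write")
        return findings
    return ["no top-level permissions block"]

def unpinned_actions(text):
    """Return `uses:` refs not pinned to a full commit SHA or an image digest."""
    out = []
    for line in text.splitlines():
        m = USES.match(line)
        if not m or m.group(1).startswith("./"):
            continue  # local actions live in the same repository
        ref = m.group(1)
        if not ("@sha256:" in ref if ref.startswith("docker://") else PINNED.search(ref)):
            out.append(ref)
    return out
```

Feeding each file under `.github/workflows/` to both functions gives a list of workflows to fix before re-running Scorecard.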