Skip to content

Delete dead workflows and update comment for dep-review workflow version #72

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 4, 2025
Merged

Delete dead workflows and update comment for dep-review workflow version #72

merged 3 commits into from
Apr 4, 2025

Conversation

jebeaudet
Copy link
Contributor

J:FOUND-308

@jebeaudet jebeaudet requested a review from a team as a code owner April 3, 2025 20:33
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 3, 2025
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/coveo/public-actions/.github/workflows/java-maven-openjdk-codeql.yml main 🟢 8.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dependency-Update-Tool🟢 10update tool detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Pinned-Dependencies⚠️ 7dependency not pinned by hash detected -- score normalized to 7
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Branch-Protection⚠️ 5branch protection is not maximal on development and all release branches
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 8SAST tool detected but not run on all commits
CI-Tests🟢 1021 out of 21 merged PRs checked by a CI test -- score normalized to 10
Contributors⚠️ 3project has 1 contributing companies or organizations -- score normalized to 3
actions/coveo/public-actions/.github/workflows/java-maven-openjdk-dependency-submission.yml main 🟢 8.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dependency-Update-Tool🟢 10update tool detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Pinned-Dependencies⚠️ 7dependency not pinned by hash detected -- score normalized to 7
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Branch-Protection⚠️ 5branch protection is not maximal on development and all release branches
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 8SAST tool detected but not run on all commits
CI-Tests🟢 1021 out of 21 merged PRs checked by a CI test -- score normalized to 10
Contributors⚠️ 3project has 1 contributing companies or organizations -- score normalized to 3

Scanned Manifest Files

.github/workflows/java-maven-openjdk11-codeql.yml
  • coveo/public-actions/.github/workflows/java-maven-openjdk-codeql.yml@main
.github/workflows/java-maven-openjdk11-dependency-submission.yml
  • coveo/public-actions/.github/workflows/java-maven-openjdk-dependency-submission.yml@main

@jebeaudet jebeaudet changed the title Update dependency-review-v2.yml Delete dead workflows and update comment for dep-review workflow version Apr 3, 2025
@JPLachance JPLachance requested a review from Copilot April 4, 2025 17:30
Copilot
Copilot AI reviewed Apr 4, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 1 out of 4 changed files in this pull request and generated no comments.

Files not reviewed (3)
  • .github/workflows/java-maven-openjdk11-codeql.yml: Language not supported
  • .github/workflows/java-maven-openjdk11-dependency-submission.yml: Language not supported
  • CODEOWNERS: Language not supported

@marcantoinecleroux marcantoinecleroux merged commit d219881 into main Apr 4, 2025
15 checks passed
@marcantoinecleroux marcantoinecleroux deleted the fix/update-dep-review branch April 4, 2025 18:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@JPLachance JPLachance JPLachance approved these changes

@marcantoinecleroux marcantoinecleroux marcantoinecleroux approved these changes

@Enteris Enteris Awaiting requested review from Enteris Enteris is a code owner automatically assigned from coveo/r-d-security-defence

@mireaulf mireaulf Awaiting requested review from mireaulf mireaulf is a code owner automatically assigned from coveo/r-d-security-defence

@jocgir jocgir Awaiting requested review from jocgir jocgir is a code owner automatically assigned from coveo/r-d-security-defence

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jebeaudet @JPLachance @marcantoinecleroux