Security Best Practices

[fperezel]

Hi,

As a member of the Security Team from the Eclipse Foundation, we used a tools Scorecard and StepSecurity to analyze this repo in order to push a pull request that cover some or all the following best practices below:

• Apply least privilege principle to GITHUB_TOKEN
• Add or fine tune the use of Dependabot
• Pin actions to a full length commit SHA

As a result, You will see a PR coming from StepSecurity to help to implement those fixes above which will cover a list of points below identified detected:

• Add or fine tune the use of Dependabot

Please don’t hesitate and reach out if there is something unclear above.

Kind Regards,
Francisco Perez