nodejs/nodejs.org

Use annotations to suppress false-positive security warnings

Closed this issue · 2 comments

https://github.com/ossf/scorecard/blob/main/config/README.md#annotating-your-project

For example, in a .github/scorecard.yml:

annotations:
  - checks:
      - dangerous-workflow
    reasons:
      - reason: remediated # the workflow is dangerous but only runs under maintainers' verification and approval

Unsure if non-contributors can see these - so not labeling them good first issue for now

What do you mean by that? 🤔

I don't know if just anyone can see this tab

closed via #6979