Use annotations to suppress false-positive security warnings
Closed this issue · 2 comments
bmuenzenmeyer commented
https://github.com/ossf/scorecard/blob/main/config/README.md#annotating-your-project
for example, in a .github/scorecard.yml
annotations:
  - checks:
      - dangerous-workflow
    reasons:
      - reason: remediated # the workflow is dangerous but only run under maintainers verification and approval
Unsure if non-contributors can see these - so not labeling them good first issue for now
ovflowd commented
Unsure if non-contributors can see these - so not labeling them good first issue for now
What do you mean by that? 🤔
bmuenzenmeyer commented