(chore) pin dependencies for workflows and Docker base images #238

Open
smoy wants to merge 2 commits into NVIDIA:main from smoy:chore/pin-dependencies
smoy commented Jun 30, 2026

Addressing two of the three issues from ossf/scorecard

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:45
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:71

Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:9: pin your Docker image by updating python:3.12-slim-bookworm to python:3.12-slim-bookworm@sha256:8a7e7cc04fd3e2bd787f7f24e22d5d119aa590d429b50c95dfe12b3abe52f48b
Warn: pipCommand not pinned by hash: Dockerfile:7

smoy added 2 commits June 30, 2026 11:14
Signed-off-by: Steven Moy <github@stevenmoy.com>
Signed-off-by: Steven Moy <github@stevenmoy.com>
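
The three finding types quoted in the comment above (GitHubAction, containerImage, pipCommand) can be checked locally before a pull request is opened. The sketch below is an added example, not code from this pull request or from ossf/scorecard; the regexes, function names and sample inputs are constructed, and treating `--require-hashes` as the pinned form of `pip install` is this example's assumption.

```python
import re

USES = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s#'\"]+)")
FROM = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)
COMMIT_SHA = re.compile(r"@[0-9a-f]{40}$")     # full-length commit SHA
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")  # image content digest
PIP = re.compile(r"\bpip3?\s+install\b")

def unpinned_actions(workflow_text):
    """Return (line, ref) for each `uses:` not pinned to a commit SHA or image digest."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES.match(line)
        if not m or m.group(1).startswith("./"):  # local actions are versioned with the repo
            continue
        ref = m.group(1)
        pinned = DIGEST if ref.startswith("docker://") else COMMIT_SHA
        if not pinned.search(ref):
            findings.append((n, ref))
    return findings

def unpinned_dockerfile(dockerfile_text):
    """Return (line, kind, detail) for unpinned base images and pip installs."""
    findings, stages = [], set()
    for n, line in enumerate(dockerfile_text.splitlines(), 1):
        m = FROM.match(line)
        if m:
            image, alias = m.groups()
            if image not in stages and image != "scratch" and not DIGEST.search(image):
                findings.append((n, "containerImage", image))
            if alias:
                stages.add(alias)  # a later `FROM <alias>` names a build stage, not an image
        elif PIP.search(line) and "--require-hashes" not in line:
            findings.append((n, "pipCommand", line.strip()))  # checked per line only
    return findings

# Constructed sample inputs, not the repository's files.
SHA, DIG = "a" * 40, "sha256:" + "0" * 64
WORKFLOW = f"""steps:
  - uses: actions/checkout@v4
  - uses: actions/setup-python@{SHA} # v5
  - uses: ./.github/actions/local
"""
DOCKERFILE = f"""FROM python:3.12-slim-bookworm AS build
RUN pip install --no-cache-dir poetry
FROM build AS runtime
RUN pip install --require-hashes -r requirements.txt
FROM python:3.12-slim-bookworm@{DIG}
"""
```

A `RUN` instruction continued over several lines is examined one line at a time, so a `pip install` whose `--require-hashes` flag sits on a continuation line is reported.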