Skip to content

chore: pinned dep hash of slsa3 workflow #2803

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
samayer12 merged 6 commits into from
Dec 8, 2025
Merged

chore: pinned dep hash of slsa3 workflow #2803

samayer12 merged 6 commits into from
Dec 8, 2025

Conversation

@cmwylie19
Copy link
Contributor

@cmwylie19 cmwylie19 commented Dec 1, 2025

Description

Fixes https://github.com/defenseunicorns/pepr/security/code-scanning/212

The SLSA 3 Workflow needs a pinned dep.

Here is the pinned dep:

> git ls-remote https://github.com/slsa-framework/slsa-github-generator.git refs/tags/v2.1.0

f7dd8c54c2067bafc12ca7a55595d5ee9b75204a	refs/tags/v2.1.0

Here is the sha sum for tag 2.1.0 in the UI

Related Issue

Fixes #

Relates to #

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Other (security config, docs update, etc)

Checklist before merging

@cmwylie19 cmwylie19 requested a review from a team as a code owner December 1, 2025 22:22
@cmwylie19 cmwylie19 changed the title chore: release hash of slsa3 workflow chore: pinned dep hash of slsa3 workflow Dec 2, 2025
cmwylie19
cmwylie19 commented Dec 2, 2025
View reviewed changes
@github-project-automation github-project-automation bot moved this to 👀 In review in Pepr Project Board Dec 8, 2025
@samayer12 samayer12 added this pull request to the merge queue Dec 8, 2025
Merged via the queue into main with commit d96f553 Dec 8, 2025
100 of 101 checks passed
@samayer12 samayer12 deleted the security_alerts_pinned_hash branch December 8, 2025 18:37
@github-project-automation github-project-automation bot moved this from 👀 In review to ✅ Done in Pepr Project Board Dec 8, 2025
@codecov
Copy link

codecov bot commented Dec 8, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (4eab7f9) to head (a97f6a4).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@     Coverage Diff      @@
##   main   #2803   +/-   ##
============================
============================
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@samayer12 samayer12 samayer12 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Pepr Project Board
Status: ✅ Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cmwylie19 @samayer12