Update Supply-chain Security Scorecard #1986
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A recent run of the Supply-chain Security Scorecard have failed because of attempted access to an address that is not in the list of
allowed-endpoints
. The address should be allowed so this adds it to theallowed-endpoints
. In addition, theegress-policy
is set to audit for now so that theallowed-endpoints
list can be verified.In addition, the PR includes a change recommended by
dependabot
to updategithub/codeql-actions
to v2.2.9.This change is