(chore) pin dependencies for workflows and Docker base images #238

Open
smoy wants to merge 2 commits into NVIDIA:main from smoy:chore/pin-dependencies

smoy (Contributor) commented Jun 30, 2026

Addressing two of the three issues from ossf/scorecard

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:45
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:71

Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:9: pin your Docker image by updating python:3.12-slim-bookworm to python:3.12-slim-bookworm@sha256:8a7e7cc04fd3e2bd787f7f24e22d5d119aa590d429b50c95dfe12b3abe52f48b
Warn: pipCommand not pinned by hash: Dockerfile:7

smoy added 2 commits June 30, 2026 11:14
Signed-off-by: Steven Moy <github@stevenmoy.com>
Signed-off-by: Steven Moy <github@stevenmoy.com>
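
As an added illustration (not part of this pull request or the repository's code, and not how ossf/scorecard implements its checks), the following Python check flags the two kinds of unpinned reference named in the warnings above: workflow `uses:` entries without a full commit SHA and Dockerfile `FROM` images without a `sha256` digest. The sample workflow and Dockerfile are constructed, and the commit SHA in the workflow is made up.

```python
import re

SHA_REF = re.compile(r"[0-9a-f]{40}")            # full commit SHA
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")    # image digest suffix
USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FROM = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)

def unpinned_actions(workflow_text):
    """(line, ref) for each `uses:` that is not pinned to a 40-hex commit SHA."""
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES.match(line)
        if not m or m.group(1).startswith("./"):   # local actions ship with the repo
            continue
        ref = m.group(1)
        if ref.startswith("docker://"):            # container action: needs a digest
            pinned = bool(DIGEST.search(ref))
        else:                                      # owner/repo[/path]@ref
            pinned = bool(SHA_REF.fullmatch(ref.partition("@")[2]))
        if not pinned:
            findings.append((no, ref))
    return findings

def unpinned_images(dockerfile_text):
    """(line, image) for each FROM whose base image carries no sha256 digest."""
    findings, stages = [], set()
    for no, line in enumerate(dockerfile_text.splitlines(), 1):
        m = FROM.match(line)
        if not m:
            continue
        image, alias = m.group(1), m.group(2)
        # `scratch` and earlier build stages are not pulled from a registry
        local = image.lower() == "scratch" or image.lower() in stages
        if alias:
            stages.add(alias.lower())
        if not local and not DIGEST.search(image):
            findings.append((no, image))
    return findings

# Constructed samples (not the repository's real files); the commit SHA is made up.
WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
"""
DOCKERFILE = """\
FROM python:3.12-slim-bookworm AS builder
RUN pip install --upgrade pip
FROM python:3.12-slim-bookworm@sha256:8a7e7cc04fd3e2bd787f7f24e22d5d119aa590d429b50c95dfe12b3abe52f48b
FROM builder AS final
"""
```

The `pipCommand` warning, the third issue in the list, is outside what this check covers.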