github.com/cilium/cilium@v1.16.2/.clomonitor.yml

github.com/cilium/cilium@v1.16.2/.clomonitor.yml (about)

     1  # CLOMonitor metadata file
     2  
     3  exemptions:
     4    - check: slack_presence
     5      reason: "The Cilium slack community can be found at https://slack.cilium.io" # Justification of this exemption
     6  
     7    - check: dangerous_workflow
     8      reason: >
     9        "It is safe to run code checkout '${{ github.event.pull_request.head.sha }}' 
    10        and 'github.event.pull_request.head.ref' in .github/workflows/build-images-base.yaml 
    11        as this workflow is only permitted to be executed after an explicit approval of a 
    12        subset of committers."
    13  
    14    - check: signed_releases
    15      reason: >
    16        "All Cilium release images are cryptographically signed during build by cosign. 
    17        Images are hosted in Quay. OpenSSF Scorecard check is currently limited to repositories 
    18        hosted on GitHub, and does not support other source hosting repositories."
    19  
    20    - check: token_permissions
    21      reason: >
    22        "Reason to use every non-read-only token in GitHub workflows is commented in the respective workflow files."