chore: bump claws version number + enable the new rule #4
Pull Request Overview
This PR updates the claws security scanning tool to version 0.9.0 and enables a new security rule for detecting static credential usage in GitHub Actions checkout operations.
- Updates claws-scan version from 0.7.3 to 0.9.0
- Enables the new CheckoutWithStaticCredentials rule in the claws configuration
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| .github/workflows/claws.yml | Updates gem installation to use claws-scan version 0.9.0 |
| claws/config.yml | Adds CheckoutWithStaticCredentials rule to the enabled security checks |
Heh, Claws is failing in this PR because it's trying to use the old version with the new config... to be honest I'm not sure how that's possible since the new config isn't even on main yet? edit: oh the workflow is running on main, and
… check out the PR version instead... annoying!
This ended up causing this PR to be unmergeable. I updated the workflow to always fetch main, so the version of claws and its configuration are always in sync! This would have only blocked PRs in this repo, nowhere else, so if we were somehow able to merge it, we'd still be fine.
/no-platform
Claws has had a couple of changes since the last version. This updates the version we're using for the org and also updates the claws configuration file to enable the new rule that was added in Betterment/claws#7. Need to wait on Betterment/claws#8 being merged first though!