Commit
Default to trusty off
Signed-off-by: nigel brown <[email protected]>
therealnb committed May 17, 2024
1 parent 20fe748 commit 095cb06
Showing 2 changed files with 6 additions and 9 deletions.
13 changes: 5 additions & 8 deletions README.md
Expand Up @@ -85,14 +85,11 @@ Configure this action by either inlining these options in your workflow file, or
| `warn-only`+ | When set to `true`, the action will log all vulnerabilities as warnings regardless of the severity, and the action will complete with a `success` status. This overrides the `fail-on-severity` option. | `true`, `false` | `false` |
| `show-openssf-scorecard-levels` | When set to `true`, the action will output information about all the known OpenSSF Scorecard scores for the dependencies changed in this pull request. | `true`, `false` | `true` |
| `warn-on-openssf-scorecard-level` | When `show-openssf-scorecard-levels` is set to `true`, this option lets you configure the threshold for when a score is considered too low and gets a :warning: warning in the CI. | Any positive integer | 3 |
| `trusty-scores`| `trusty-scores` is a boolean to enable or disable Trusty scores | `true`, `false` | `true` |
| `trusty-retries`| `trusty-retries` specifies the number of retries the action uses to fetch from the trusty API. | Any positive integer | 3 |
| `trusty-show`| `trusty-show` is the minimum score package to show. | Any positive integer | 7 |
| `trusty-warn`| `trusty-warn` is the minimum score before a warning is shown. | Any positive integer | 5 |
| `trusty-fail`| `trusty-fail` is the minimum score before a failure is shown and the action is marked as failed. | Any positive integer | 1 |
| `trusty-api`| `trusty-api` is the base url for API calls. There should be no need to change this. | string | 'https://api.trustypkg.dev' |
| `trusty-ui`| `trusty-ui` is the base url for the Trusty UI. There should be no need to change this. | string | 'https://trustypkg.dev' |

| `trusty-scores` | `trusty-scores` is a boolean to enable or disable Trusty scores | `true`, `false` | `false` |
| `trusty-retries` | `trusty-retries` specifies the number of retries the action uses to fetch from the trusty API. | Any positive integer | 3 |
| `trusty-show` | `trusty-show` is the minimum score package to show. | Any positive integer | 7 |
| `trusty-warn` | `trusty-warn` is the minimum score before a warning is shown. | Any positive integer | 5 |
| `trusty-fail` | `trusty-fail` is the minimum score before a failure is shown and the action is marked as failed. | Any positive integer | 1 |

\*not supported for use with GitHub Enterprise Server
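
Review bot: The rows for `trusty-api` and `trusty-ui` disappear from the options table in this hunk, but the commit message only describes turning Trusty off by default. If those inputs are still accepted, keep their rows so users can see which endpoints the action contacts once `trusty-scores` is enabled; if they were removed, say so in the commit message. With `trusty-scores` now defaulting to `false`, the `trusty-retries`, `trusty-show`, `trusty-warn` and `trusty-fail` descriptions could also say whether they only take effect when `trusty-scores` is `true`, the way the `warn-on-openssf-scorecard-level` row does for its parent option.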

2 changes: 1 addition & 1 deletion src/schemas.ts
Expand Up @@ -130,7 +130,7 @@ export const ConfigurationOptionsSchema = z
retry_on_snapshot_warnings_timeout: z.number().default(120),
show_openssf_scorecard: z.boolean().optional().default(true),
warn_on_openssf_scorecard_level: z.number().default(3),
trusty_scores: z.boolean().optional().default(true),
trusty_scores: z.boolean().optional().default(false),
trusty_retries: z.number().optional().default(3),
trusty_show: z.number().optional().default(7),
trusty_warn: z.number().optional().default(5),
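
Review bot: The flipped default on `trusty_scores` is not pinned by a test in this commit, which touches only `README.md` and `src/schemas.ts`. Add a test that parses a configuration without `trusty_scores` and asserts the result is `false`, so the schema default and the README table stay in step. Workflows that relied on the old implicit `true` will stop receiving Trusty scores without any change on their side, so the new default also deserves a release note.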