molecule-core

History

Molecule AI Core-DevOps 03689e3d9a All checks were successful Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 4s Details sop-tier-check / tier-check (pull_request) Successful in 5s Details audit-force-merge / audit (pull_request) Successful in 6s Details ci: pin GitHub Actions by SHA instead of mutable tags - actions/checkout@v6 → @de0fac2e4500dabe0009e67214ff5f5447ce83dd (v6.0.2) in secret-pattern-drift.yml - pypa/gh-action-pypi-publish@release/v1 → @cef221092ed1bacb1cc03d23a2d87d1d172e277b in publish-runtime.yml Mutable action tags (e.g. @v6, @release/v1) can silently resolve to different code over time, creating supply-chain risk. SHA-pinning ensures the exact commit runs every time. Workspace Dockerfile was already compliant (python:3.11-slim@sha256:...). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>		2026-05-10 07:55:39 +00:00
..
scripts	fix(scripts): migrate ghcr.io→ECR + raw.githubusercontent.com→Gitea (#46 )	2026-05-07 00:56:23 -07:00
workflows	ci: pin GitHub Actions by SHA instead of mutable tags	2026-05-10 07:55:39 +00:00
CODEOWNERS
dependabot.yml	chore(security): pin Actions to SHAs + enable Dependabot auto-bumps	2026-04-28 15:37:06 -07:00