Skip to content

feat: add a workflow to run Macaron for supply chain security detection#1099

Draft
behnazh wants to merge 1 commit intomainfrom
behnazh/add-macaron-check
Draft

feat: add a workflow to run Macaron for supply chain security detection#1099
behnazh wants to merge 1 commit intomainfrom
behnazh/add-macaron-check

Conversation

@behnazh
Copy link
Copy Markdown
Collaborator

@behnazh behnazh commented Feb 25, 2026
edited
Loading

Summary

This PR adds a new workflow to run Macaron for supply chain security detection.

It enables the check-github-actions policy to analyze GitHub workflows for insecure patterns and potential risks. When issues are detected, detailed findings and remediation suggestions are included in the workflow summary. Full reports are also uploaded as workflow artifacts for further review.

For more details, see: https://oracle.github.io/macaron/pages/macaron_action.html

@behnazh behnazh force-pushed the behnazh/add-macaron-check branch 2 times, most recently from 4a567e3 to 881fb84 Compare March 31, 2026 09:17
@behnazh behnazh force-pushed the behnazh/add-macaron-check branch from 881fb84 to ededb89 Compare March 31, 2026 09:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jenstroeger jenstroeger Awaiting requested review from jenstroeger jenstroeger will be requested when the pull request is marked ready for review jenstroeger is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@behnazh