Maven-lockfile Alternatives
Similar projects and alternatives to maven-lockfile
changed-files
:octocat: Github action to retrieve all (added, copied, modified, deleted, renamed, type changed, unmerged, unknown) files and directories.
-
crxviewer
Add-on / web app to view the source code of Chrome / Firefox / Opera 15 extensions and zip files.
-
harden-runner
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.
-
vet
Next Generation Software Composition Analysis (SCA) with Malicious Package Detection, Code Context & Policy as Code
-
paths-filter
Conditionally run actions based on files modified by PR, feature branch or pushed commits
-
verify-changed-files
:octocat: Github action to verify file changes that occur during the workflow execution.
-
gh-action-pypi-publish
The blessed :octocat: GitHub Action, for publishing your :package: distribution files to PyPI, the tokenless way: https://github.com/marketplace/actions/pypi-publish
-
malicious-code-ruleset
Focused malicious code detection ruleset, with a high protection-to-noise ratio
maven-lockfile discussion
maven-lockfile reviews and mentions
-
Popular GitHub Action tj-actions/changed-files is compromised
It seems to me that pinning to a sha was not sufficient; the Renovate bot was updating actions referenced by sha.
Example: https://github.com/chains-project/maven-lockfile/pull/1111/f...
This appears to be governed by the `pinGitHubActionDigests` helper configured in `renovate.json`.
-
Maven-Lockfile
I saw a thread here about why Maven does not have a [lockfile], and in the research group I am currently working in, we built one. It is hosted on GitHub; see chains-project/maven-lockfile: Lockfiles for Maven. Pin your dependencies. Build with integrity. (github.com). We provide a maven-plugin and a GitHub action for easy integration. Feedback welcome.
Stats
chains-project/maven-lockfile is an open source project licensed under the MIT License, which is an OSI-approved license.
The primary programming language of maven-lockfile is Java.