Update Scorecard workflow to use ubuntu-latest

[jkreileder]

This pull request updates the Scorecard workflow to use ubuntu-latest instead of ubuntu-24.04. The previous version was causing failures due to the issue mentioned in ossf/scorecard-action#1150.

Signed-off-by: Jürgen Kreileder jk@blackdown.de

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (046c80d) to head (eac320c).

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #316   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            8         8           
  Lines          147       147           
  Branches        14        14           
=========================================
  Hits           147       147           

Flag	Coverage Δ
python-3.10	100.00% <ø> (ø)
python-3.11	100.00% <ø> (ø)
python-3.12	100.00% <ø> (ø)
python-3.9	100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

🔍 Vulnerabilities of jkreileder/cf-ips-to-hcloud-fw:pr-316

📦 Image Reference jkreileder/cf-ips-to-hcloud-fw:pr-316

digest	sha256:a9e1aaeed60c356eae641849bc9b201dcdf757b438726b9c47e95daaafec12f3
vulnerabilities
size	28 MB
packages	72

📦 Base Image python:3-alpine

also known as	3-alpine3.19 3.12-alpine 3.12-alpine3.19 3.12.3-alpine 3.12.3-alpine3.19 alpine alpine3.19
digest	sha256:c583b8590a197db1f6efece2dd244b0259cb6f82c4acc654bfbe48e00e20a7b9
vulnerabilities

pip 24.0 (pypi) pkg:pypi/pip@24.0 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range >=0 Fixed version Not Fixed CVSS Score 7.8 CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H EPSS Score 0.11% EPSS Percentile 44th percentile Description An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).

[github-actions]

Recommended fixes for image jkreileder/cf-ips-to-hcloud-fw:pr-316

Base image is python:3-alpine

Name	alpine3.19
Digest	sha256:c583b8590a197db1f6efece2dd244b0259cb6f82c4acc654bfbe48e00e20a7b9
Vulnerabilities
Pushed	1 month ago
Size	21 MB
Packages	56
Flavor	alpine
OS	3.19

The base image is also available under the supported tag(s): 3-alpine3.19, 3.12-alpine, 3.12-alpine3.19, 3.12.3-alpine, 3.12.3-alpine3.19, alpine, alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
3.11-alpine Minor runtime version update Also known as: 3.11.9-alpine 3.11.9-alpine3.19 3.11-alpine3.19	Benefits: Same OS detected Minor runtime version update Image is smaller by 836 KB Image has same number of vulnerabilities Image contains equal number of packages 3.11-alpine was pulled 19K times last month Image details: Size: 20 MB Flavor: alpine OS: 3.19 Runtime: 3.11.9	1 month ago
3.10-alpine Minor runtime version update Also known as: 3.10.14-alpine 3.10.14-alpine3.19 3.10-alpine3.19	Benefits: Same OS detected Minor runtime version update Image is smaller by 1.3 MB Image contains equal number of packages 3.10-alpine is more popular with 62K pulls per month Image details: Size: 19 MB Flavor: alpine OS: 3.19 Runtime: 3.10.14	1 month ago

[github-actions]

Test Results

  4 files  ±0    4 suites  ±0   3s ⏱️ ±0s
 34 tests ±0   34 ✅ ±0  0 💤 ±0  0 ❌ ±0 
136 runs  ±0  136 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit eac320c. ± Comparison against base commit 046c80d.

[github-actions]

Overview

Image reference	jkreileder/cf-ips-to-hcloud-fw:1	quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-316
- digest	ed9821fe4194	a9e1aaeed60c
- provenance	48ab6e2	0457be7
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	25 MB	28 MB (+3.2 MB)
- packages	72	72
Base Image	python:3.12.3-alpine3.19 also known as: • 3-alpine • 3-alpine3.19 • 3.12-alpine • 3.12-alpine3.19 • 3.12.3-alpine • alpine • alpine3.19	python:3-alpine also known as: • 3-alpine3.19 • 3.12-alpine • 3.12-alpine3.19 • 3.12.3-alpine • 3.12.3-alpine3.19 • alpine • alpine3.19
- vulnerabilities

Labels (3 changes)

• ± 3 changed
• 5 unchanged

-org.opencontainers.image.created=2024-05-09T16:14:32.569Z
+org.opencontainers.image.created=2024-05-16T12:26:27.488Z
 org.opencontainers.image.description=Update Hetzner Cloud firewall rules with current Cloudflare IP ranges
 org.opencontainers.image.licenses=MIT
-org.opencontainers.image.revision=48ab6e2f78e92677684ca33cfd39f41971026801
+org.opencontainers.image.revision=0457be7594f979081bfd74cc89eac5ceff9ffc92
 org.opencontainers.image.source=https://github.com/jkreileder/cf-ips-to-hcloud-fw
 org.opencontainers.image.title=cf-ips-to-hcloud-fw
 org.opencontainers.image.url=https://github.com/jkreileder/cf-ips-to-hcloud-fw
-org.opencontainers.image.version=1.0.11
+org.opencontainers.image.version=pr-316

Policies (0 improved, 1 worsened, 1 missing data)

Policy Name	jkreileder/cf-ips-to-hcloud-fw:1	quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-316	Change	Standing
Copyleft licenses	✅	✅		No Change
Default non-root user	✅	✅		No Change
Fixable critical and high vulnerabilities	✅	✅		No Change
High-profile vulnerabilities	✅	✅		No Change
Outdated base images	✅	❓ No data
Supply chain attestations	✅	⚠️ 2	+2	Worsened

Packages and Vulnerabilities (3 package changes and 0 vulnerability changes)

• ♾️ 3 packages changed
• 69 packages unchanged

Changes for packages of type apk (1 changes)

	Package	Version jkreileder/cf-ips-to-hcloud-fw:1	Version quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-316
♾️	.python-rundeps	20240509.161452	20240516.122648

Changes for packages of type pypi (2 changes)

	Package	Version jkreileder/cf-ips-to-hcloud-fw:1	Version quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-316
♾️	cf-ips-to-hcloud-fw	1.0.11	1.0.12.dev0
♾️	cloudflare	2.19.4	2.20.0