Merge branch 'main' into dockerfile-heredocs

ossf · Jan 10, 2024 · f41e9a0 · f41e9a0
2 parents fc185b5 + 6c345f1
commit f41e9a0
Show file tree

Hide file tree

Showing 63 changed files with 22,813 additions and 696 deletions.
diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml
@@ -24,4 +24,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4
+        uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507 # v3.1.5
diff --git a/README.md b/README.md
@@ -517,7 +517,7 @@ For a guide to the checks you should use when getting started, see the [beginner
 
 [Two-factor Authentication (2FA)](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication) adds an extra layer of security when logging into websites or apps. 2FA protects your account if your password is compromised by requiring a second form of authentication, such as codes sent via SMS or authentication app, or touching a physical security key.
 
-We strongly recommend that you enable 2FA on GitHub and any important account where it is available. 2FA is not a Scorecard check because GitHub does not make that data about user accounts public. Arguably, this data should always remain private, since accounts without 2FA are so vulnerable to attack.
+We strongly recommend that you enable 2FA on any important accounts where it is available. 2FA is not a Scorecard check because GitHub and GitLab do not make that data about user accounts public. Arguably, this data should always remain private, since accounts without 2FA are so vulnerable to attack.
 
 Though it is not an official check, we urge all project maintainers to enable 2FA to protect their projects from compromise.