From fd5aab9a6c218f8c286f3532d795019f5efcb2e2 Mon Sep 17 00:00:00 2001 From: Luke Hinds Date: Mon, 10 Jun 2024 12:32:19 +0100 Subject: [PATCH] Add Metadata Signed-off-by: Luke Hinds --- README.md | 23 ++++++++++++----------- action.yml | 8 ++++++-- 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index cb6eee4..6d9927a 100644 --- a/README.md +++ b/README.md @@ -2,17 +2,18 @@ Get a security and quality analysis of your dependencies with TrustyPkg! -Trusty is a dependency analysis tool that provides a comprehensive security and -quality analysis of your dependencies. This action integrates Trusty into your -GitHub workflow, allowing you to automatically check the quality of your -dependencies on every pull request. - -Trusty is a service by [stacklok](https://stacklok.com) which analyses thousands -of packages across multiple languages to provide a comprehensive security -and quality analysis of your dependencies. - -Trusty uses a combination of static analysis, machine learning, and malware -detection to provide a comprehensive analysis of your dependencies. +[Trusty](https://trustypkg.dev/), by [Stacklok](https://stacklok.com) is a +dependency analysis tool that provides security and quality analysis of your +dependencies. This action integrates Trusty into your GitHub workflow, +allowing you to automatically check the quality and safety of your dependencies +on every pull request. + +The Trusty service used by this action is analyses thousands of packages a day +across multiple languages to provide a comprehensive security and quality +analysis of your dependencies. Every dependency released by open source developers +are ran through a series of static analysis, machine learning, and malware +detection checks to capture any potential security risks or quality issues and +protect your codebase from malicious or low-quality dependencies. ![Main Pull Request](docs/main.png) 
diff --git a/action.yml b/action.yml index 9105f46..ca0262b 100644 --- a/action.yml +++ b/action.yml @@ -1,5 +1,9 @@ -name: "TrustyPkg Action" -description: "Run Trusty against your dependencies for supply chain risks" +name: "Trusty Dependency Safety Check" +description: "Ensure your dependencies are safe and trustworthy" +author: "Trusty Team at Stacklok" +branding: + icon: "alert-triangle" + color: "yellow" inputs: GITHUB_TOKEN: description: "GitHub token"
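Review bot: In the README.md hunk, the second added paragraph has grammar errors that should be fixed before merge: "is analyses thousands of packages a day" should read "analyses thousands of packages a day", and "Every dependency released by open source developers are ran through" should read "is run through". The first added line also needs a comma after the Stacklok link, so that it reads "by [Stacklok](https://stacklok.com), is a". The unchanged context line above the hunk still says "TrustyPkg!" while the new text says "Trusty", so consider making the product name consistent in the same change.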
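Review bot: In the action.yml hunk, the new description "Ensure your dependencies are safe and trustworthy" promises more than an analysis check can deliver, and it drops the "supply chain risks" wording of the line it replaces. A description that says what the action does, for example that it checks dependencies for supply chain risks with Trusty, would set the right expectation for users. The name change from "TrustyPkg Action" to "Trusty Dependency Safety Check" is a rename rather than added metadata, and the commit subject "Add Metadata" does not mention it; it is worth calling out in the commit message.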