Repository security report

Security report for getsentry/sentry-javascript

We found and prepared one improvement, and reviewed the public workflows for other areas worth hardening. Below: what we prepared, the other categories we found and what they mean, and how to request the fixes. The change we prepared replaces mutable third-party workflow references with fixed versions, to reduce the risk of unexpected upstream changes.

getsentry/sentry-javascript

3 references included in the proposed contribution

Proposed in PR #21486

Awaiting review

Contribution awaiting maintainer review.

Additional candidates detected

Further third-party action pinning

Other third-party action references on mutable tags worth pinning to a fixed version.

8 candidates

Candidates from a public-files scan, not confirmed issues. We confirm each before proposing a change.

Other reviews available

Org-wide Actions hardening

The same review across your other public repositories.

Dependency vulnerability review

Review public dependency manifests for actionable upgrade candidates.

Managed security-update maintenance

Keep updates from becoming a backlog.

Request the fixes for this repository

Want us to prepare the rest as reviewable pull requests? Submit your work email and we will confirm useful scope. We can also manage the resulting security-update PRs and repair failed updates. Nothing is opened or changed automatically.

This records your interest in a follow-on review. It does not prove repository-owner authorization, open anything on the repository, or start payment. A person confirms identity and useful scope before any further work.

Public repositories only unless explicitly authorized. Sensitive findings are handled privately. See Security Hardening for details.