# policy, and support documentation.

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained

          path: ./site/**
          include-hidden-files: true

  # https://github.com/marketplace/actions/alls-green#why
  docs-all-green:  # This job does nothing and is only used for the branch protection
    if: always()
    needs:
      - build-docs
    runs-on: ubuntu-latest
    steps:
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@release/v1

          include-hidden-files: true
      - run: uv run coverage report --fail-under=100

  # https://github.com/marketplace/actions/alls-green#why
  check:  # This job does nothing and is only used for the branch protection
    if: always()
    needs:
      - coverage-combine
      - benchmark
    runs-on: ubuntu-latest
    steps:
      - name: Dump GitHub context
        env:

## Risque CSRF { #csrf-risk }

Ce comportement par défaut offre une protection contre une catégorie d’attaques de Cross-Site Request Forgery (CSRF) dans un scénario très spécifique.

errors.failed_to_upload_kuromoji_file = Échec du téléversement d'un fichier Kuromoji.
errors.failed_to_download_protwords_file = Échec du téléchargement d'un fichier de mots de protection.
errors.failed_to_upload_protwords_file = Échec du téléversement d'un fichier de mots de protection.
errors.failed_to_download_stopwords_file = Échec du téléchargement d'un fichier de mots vides.

- Add a deletion protection mechanism for PodGroup objects. ([#137641](https://github.com/kubernetes/kubernetes/pull/137641), [@helayoty](https://github.com/helayoty)) [SIG API Machinery, Apps, Auth, Scheduling and Storage]

- Improved PVC Protection Controller's scalability by batch-processing PVCs by namespace with lazy live pod listing. ([#125372](https://github.com/kubernetes/kubernetes/pull/125372), [@hungnguyen243](https://github.com/hungnguyen243)) [SIG Apps, Node, Storage and Testing]

response.highlight.content_title.enabled=true
# Inline MIME types for the response.
response.inline.mimetypes=application/pdf,text/plain
# HTTP headers for the response.
response.headers=\
text/html=X-XSS-Protection: 1; mode=block\n\
text/html=Content-Security-Policy: reflected-xss block\n\
text/html=X-Frame-Options: SAMEORIGIN\n\


# document index

# Index name for search documents.

    /** The key of the configuration. e.g. application/pdf,text/plain */
    String RESPONSE_INLINE_MIMETYPES = "response.inline.mimetypes";

    /** The key of the configuration. e.g. text/html=X-XSS-Protection: 1; mode=block<br>
     * text/html=Content-Security-Policy: reflected-xss block<br>
     * text/html=X-Frame-Options: SAMEORIGIN<br>
     *  */
    String RESPONSE_HEADERS = "response.headers";

- kube-apiserver: the `StorageObjectInUseProtection` admission plugin added the `kubernetes.io/vac-protection` finalizer to the given VolumeAttributesClass object when it is created if the feature-gate `VolumeAttributesClass` is turned on and `storage.k8s.io/v1beta1` is enabled. ([#130553](https://github.com/kubernetes/kubernetes/pull/130553), [@Phaow]...