mirror of
https://github.com/gradle/wrapper-validation-action
synced 2024-11-27 10:42:03 +00:00
Mention the homoglyph detection capabilities in the README
This commit is contained in:
parent
9f4cacc32b
commit
169f8f11db
1 changed files with 6 additions and 0 deletions
|
@ -34,6 +34,12 @@ verify that any and all `gradle-wrapper.jar` files in the repository match the S
|
|||
|
||||
If any are found that do not match the SHA-256 checksums of our official releases, the action will fail.
|
||||
|
||||
Additionally, the action will find and SHA-256 hash all
|
||||
[homoglyph](https://en.wikipedia.org/wiki/Homoglyph)
|
||||
variants of files named `gradle-wrapper.jar`,
|
||||
for example a file named `gradlе-wrapper.jar` (which uses a Cyrillic `е` instead of `e`).
|
||||
The goal is to prevent homoglyph attacks which may be very difficult to spot in a GitHub diff.
|
||||
|
||||
## Usage
|
||||
|
||||
Simply add this action to your workflow **after** having checked out your source tree and **before** running any Gradle build:
|
||||
|
|
Loading…
Reference in a new issue