Verify the Action in the Marketplace
dihmandrake opened this issue · comments
Currently this Action in the Marketplace is not verified, which can be confusing and might has an security impact.
Usually all official GitHub Actions in the marketplace are "verified".
I noticed it when moving the "auto-merge" to the suggested procedure the suggested example in the GitHub Docs and it failed because my security setting for Actions did not allow unverified Actions (found in the repository settings).
While the workaround is straightforward by whitelisting this action, it would be great to have this Action verified in the Marketplace (probably requires some GitHub internal procedures).
Edit:
I think the entire organization dependabot needs to be verified as stated in these links:
The Dependabot organization should now be fully verified, so this issue should be resolved.
Well, in the marketplace dependabot is still not marked as a verified creator (see fetch-metadata). E.g. slack-send is verified.
Maybe another release needs to happen?