Hm, I guess it does not make sense to run these on a schedule, unlike Dependabot.
Gary On Sat, Oct 21, 2023, 4:37 PM sebb <[email protected]> wrote: > I don't understand why Scorecard analysis and CodeQL are being run > weekly as well as on push/pull. > > Does the output somehow change if there has been no change in the input? > Or does the generated output expire? > > Surely it is only necessary to run the analysis when there has been a > change to the source? > > Alternatively, drop the push/pull trigger and only trigger weekly > (although that would be overkill for the less active components) > > Sebb > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
