Hm, I guess it does not make sense to run these on a schedule, unlike Dependabot.
Gary On Sat, Oct 21, 2023, 4:37 PM sebb <seb...@gmail.com> wrote: > I don't understand why Scorecard analysis and CodeQL are being run > weekly as well as on push/pull. > > Does the output somehow change if there has been no change in the input? > Or does the generated output expire? > > Surely it is only necessary to run the analysis when there has been a > change to the source? > > Alternatively, drop the push/pull trigger and only trigger weekly > (although that would be overkill for the less active components) > > Sebb > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
