The latest release https://github.com/koalaman/shellcheck/releases/tag/v0.11.0 is not immutable which is a supply-chain risk as anyone with permission to edit that release can slip in compromised binaries. I recommend the next release to be done with a immutable tag.
The latest release https://github.com/koalaman/shellcheck/releases/tag/v0.11.0 is not immutable which is a supply-chain risk as anyone with permission to edit that release can slip in compromised binaries. I recommend the next release to be done with a immutable tag.