running guarddog on guarddog results in a potentially malicious issue - need to dogfood

[royby-cyberark]

guarddog pypi scan guarddog

results:

Found 1 potentially malicious indicators in guarddog

repository_integrity_mismatch: Some files present in the package are different from the ones on GitHub for the same version of the package:
* ./pyproject.toml

In addition to fixing this, it might be nice to include guarddog as part of the pipeline for this project, so issues are not re-introduced

[royby-cyberark]

I have no permissions to set labels on the issue (I assume "bug")

[christophetd]

Thanks for reporting! We are actually running GuardDog in this repo as a CI pipeline, but it acts on dependencies only (not on the GuardDog package itself).

Let us look into it and see how we can improve the heuristic, thanks! cc @vdeturckheim