Skip to content

Security and supply-chain hardening: XXE fix, CI hardening, OpenSSF Scorecard, deterministic builds, and governance docs#353

Merged
twcclegg merged 4 commits into
mainfrom
cleaning
Jun 17, 2026
Merged

Security and supply-chain hardening: XXE fix, CI hardening, OpenSSF Scorecard, deterministic builds, and governance docs#353
twcclegg merged 4 commits into
mainfrom
cleaning

Conversation

@twcclegg

@twcclegg twcclegg commented Jun 16, 2026

Copy link
Copy Markdown
Owner

Changes

@github-actions

github-actions Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

📊 Benchmark Results

Commit: 13210bd · Full run · Windows windows-latest

PR branch 

BenchmarkDotNet v0.15.8, Windows 11 (10.0.26100.32860/24H2/2024Update/HudsonValley) (Hyper-V)
AMD EPYC 7763 2.44GHz, 1 CPU, 4 logical and 2 physical cores
.NET SDK 10.0.301
  [Host]    : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3
  .NET 10.0 : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3

Job=.NET 10.0  Runtime=.NET 10.0
Method PhoneNumberCount Mean Error StdDev Gen0 Gen1 Allocated
InputDigitPerKeystroke 1000 4.686 ms 0.0870 ms 0.0854 ms 242.1875 7.8125 3.9 MB 

BenchmarkDotNet v0.15.8, Windows 11 (10.0.26100.32860/24H2/2024Update/HudsonValley) (Hyper-V)
AMD EPYC 7763 2.44GHz, 1 CPU, 4 logical and 2 physical cores
.NET SDK 10.0.301
  [Host]     : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3
  Job-AMQORM : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3

Runtime=.NET 10.0  InvocationCount=1  IterationCount=20  
LaunchCount=1  RunStrategy=ColdStart  UnrollFactor=1  
WarmupCount=1
Method Mean Error StdDev Allocated
CreateInstance 328.4 μs 117.7 μs 135.5 μs 75.05 KB
CreateInstanceAndLoadAllRegions 8,525.5 μs 586.2 μs 675.1 μs 1576.63 KB
FirstRegionLookup 356.8 μs 127.1 μs 146.4 μs 80.11 KB 

BenchmarkDotNet v0.15.8, Windows 11 (10.0.26100.32860/24H2/2024Update/HudsonValley) (Hyper-V)
AMD EPYC 7763 2.44GHz, 1 CPU, 4 logical and 2 physical cores
.NET SDK 10.0.301
  [Host]    : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3
  .NET 10.0 : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3

Job=.NET 10.0  Runtime=.NET 10.0
Method PhoneNumberCount Mean Error StdDev Gen0 Allocated
ExtractPossibleNumber_CleanInput 1000 22.76 μs 0.080 μs 0.075 μs - -
ExtractPossibleNumber_WithLeadingJunk 1000 35.27 μs 0.396 μs 0.351 μs 2.8687 48360 B 

BenchmarkDotNet v0.15.8, Windows 11 (10.0.26100.32860/24H2/2024Update/HudsonValley) (Hyper-V)
AMD EPYC 7763 2.44GHz, 1 CPU, 4 logical and 2 physical cores
.NET SDK 10.0.301
  [Host]    : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3
  .NET 10.0 : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3

Job=.NET 10.0  Runtime=.NET 10.0
Method PhoneNumberCount Mean Error StdDev Gen0 Allocated
FindNumbers_Valid 100 156.2 μs 0.91 μs 1.12 μs 4.1504 69.93 KB
FindNumbers_StrictGrouping 100 341.9 μs 2.90 μs 2.57 μs 7.3242 123.3 KB 

BenchmarkDotNet v0.15.8, Windows 11 (10.0.26100.32860/24H2/2024Update/HudsonValley) (Hyper-V)
AMD EPYC 7763 2.44GHz, 1 CPU, 4 logical and 2 physical cores
.NET SDK 10.0.301
  [Host]    : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3
  .NET 10.0 : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3

Job=.NET 10.0  Runtime=.NET 10.0
Method PhoneNumberCount Mean Error StdDev Gen0 Allocated
ParseValidateAndFormatPhoneNumbers 1000 2.580 ms 0.0400 ms 0.0393 ms 35.1563 582.48 KB
ParseValidateAndFormatPhoneNumbers 10000 26.538 ms 0.5186 ms 0.7762 ms 343.7500 5818.97 KB
main branch 

BenchmarkDotNet v0.15.8, Windows 11 (10.0.26100.32860/24H2/2024Update/HudsonValley) (Hyper-V)
AMD EPYC 7763 2.44GHz, 1 CPU, 4 logical and 2 physical cores
.NET SDK 10.0.301
  [Host]    : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3
  .NET 10.0 : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3

Job=.NET 10.0  Runtime=.NET 10.0
Method PhoneNumberCount Mean Error StdDev Gen0 Gen1 Allocated
InputDigitPerKeystroke 1000 4.648 ms 0.0717 ms 0.0670 ms 242.1875 7.8125 3.9 MB 

BenchmarkDotNet v0.15.8, Windows 11 (10.0.26100.32860/24H2/2024Update/HudsonValley) (Hyper-V)
AMD EPYC 7763 2.44GHz, 1 CPU, 4 logical and 2 physical cores
.NET SDK 10.0.301
  [Host]     : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3
  Job-AMQORM : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3

Runtime=.NET 10.0  InvocationCount=1  IterationCount=20  
LaunchCount=1  RunStrategy=ColdStart  UnrollFactor=1  
WarmupCount=1
Method Mean Error StdDev Allocated
CreateInstance 328.2 μs 109.4 μs 126.0 μs 75.05 KB
CreateInstanceAndLoadAllRegions 8,450.9 μs 492.5 μs 567.1 μs 1576.63 KB
FirstRegionLookup 353.9 μs 133.2 μs 153.4 μs 80.11 KB 

BenchmarkDotNet v0.15.8, Windows 11 (10.0.26100.32860/24H2/2024Update/HudsonValley) (Hyper-V)
AMD EPYC 7763 2.44GHz, 1 CPU, 4 logical and 2 physical cores
.NET SDK 10.0.301
  [Host]    : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3
  .NET 10.0 : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3

Job=.NET 10.0  Runtime=.NET 10.0
Method PhoneNumberCount Mean Error StdDev Gen0 Allocated
ExtractPossibleNumber_CleanInput 1000 22.50 μs 0.030 μs 0.027 μs - -
ExtractPossibleNumber_WithLeadingJunk 1000 37.15 μs 0.741 μs 1.627 μs 2.8687 48360 B 

BenchmarkDotNet v0.15.8, Windows 11 (10.0.26100.32860/24H2/2024Update/HudsonValley) (Hyper-V)
AMD EPYC 7763 2.44GHz, 1 CPU, 4 logical and 2 physical cores
.NET SDK 10.0.301
  [Host]    : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3
  .NET 10.0 : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3

Job=.NET 10.0  Runtime=.NET 10.0
Method PhoneNumberCount Mean Error StdDev Median Gen0 Allocated
FindNumbers_Valid 100 166.8 μs 4.14 μs 12.20 μs 160.6 μs 4.1504 69.93 KB
FindNumbers_StrictGrouping 100 325.2 μs 1.89 μs 1.77 μs 325.0 μs 7.3242 123.3 KB 

BenchmarkDotNet v0.15.8, Windows 11 (10.0.26100.32860/24H2/2024Update/HudsonValley) (Hyper-V)
AMD EPYC 7763 2.44GHz, 1 CPU, 4 logical and 2 physical cores
.NET SDK 10.0.301
  [Host]    : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3
  .NET 10.0 : .NET 10.0.9 (10.0.9, 10.0.926.27113), X64 RyuJIT x86-64-v3

Job=.NET 10.0  Runtime=.NET 10.0
Method PhoneNumberCount Mean Error StdDev Gen0 Allocated
ParseValidateAndFormatPhoneNumbers 1000 2.608 ms 0.0520 ms 0.0694 ms 35.1563 582.48 KB
ParseValidateAndFormatPhoneNumbers 10000 24.619 ms 0.1398 ms 0.1168 ms 343.7500 5818.97 KB

@codecov

codecov Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.08%. Comparing base (ca5fa8d) to head (13210bd).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #353      +/-   ##
==========================================
+ Coverage   97.94%   98.08%   +0.13%     
==========================================
  Files          40       40              
  Lines       52949    52957       +8     
  Branches     1124     1124              
==========================================
+ Hits        51862    51941      +79     
+ Misses        852      772      -80     
- Partials      235      244       +9

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@twcclegg twcclegg changed the title Cleaning Security and supply-chain hardening: XXE fix, CI hardening, OpenSSF Scorecard, deterministic builds, and governance docs Jun 16, 2026
@twcclegg twcclegg marked this pull request as ready for review June 16, 2026 17:51
@twcclegg twcclegg requested a review from wmundev June 16, 2026 17:51
wmundev
wmundev approved these changes Jun 17, 2026
View reviewed changes

@wmundev wmundev left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good, nice!

@twcclegg twcclegg merged commit 4786795 into main Jun 17, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wmundev wmundev wmundev approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@twcclegg @wmundev