-
There's a lot of overlap between CLOMonitor and Scorecard checks:
https://github.com/ossf/scorecard/blob/main/docs/checks.md
Ideally I'd like to port all CNCF CLOMonitor checks to Scorecard and un…
-
### What's the problem this feature will solve?
https://github.com/ossf/scorecard is a useful tool for analysing the project's security best-practices. It would be nice to see the pip project add th…
wwuck updated
5 months ago
-
These are the fields currently available in the scorecard data extract. All values are boolean (true/false).
Currently in Use
- `openssf.scorecard.raw.active`
- `openssf.scorecard.raw.ci-tests`
…
-
## Background
Currently, GUAC is calculating the OpenSSF Scorecard scores directly using the Scorecard library. This requires having a GitHub token to access the repository data. However, there are…
-
## Description
This project is a collaborative effort between the CNCF and Google's Open Source Security Team to improve security practices across various CNCF projects. The focus is identifying an…
-
To decide whether to use this package in the [Magma](https://magma.github.io/magma/docs/basics/introduction.html) project I checked it with deps.dev.
(See https://deps.dev/go/github.com%2Fwmnsk%2F…
-
Hello,
I'm trying to centralise this action; we have close to 800 repos in our org, and I don't want to commit (or use .git) this action to each of them.
So, using the APP authentication, I gather…
-
Check out docs: https://clomonitor.io/docs/topics/checks/#openssf-scorecard-badge
-
Hi, I'm Harshita. I’m working with [CNCF and the Google Open Source Security Team for the GSoC 2024 term](https://github.com/cncf/mentoring/issues/1196). We are collaborating to enhance security pract…
-
With the recent adoption of the Scorecard project charter, we as @ossf/scorecard-maintainers / Steering Committee have a few administrative tasks that need to be completed.
Each heading here will b…