-
Hi :wave: as a project in the working group "[Identifying Security Threats](https://openssf.slack.com/archives/C01A50B978T)", we are working on the [SECURITY-INSIGHTS.yml specification](https://github…
-
**Describe the bug**
Rename "CII Best Practices Badge" to "OpenSSF Best Practices Badge"; the project recently changed its name.
-
Hey, I'm Diogo and I've raised the issues #357 and #365 contributing with some security enhancements. I'll happily continue contributing with such improvements (it's literally my job, see [my profile]…
-
# OpenSSF Scorecards
* A tool that checks repositories for security risks
* Running the tool computes a score and also displays recommendations
* The book showed how to run OpenSSF Scorecards via Docker.
```bash
docker run -e GITHUB_AUTH_TOKEN=$(gh au…
```
-
Hey, I'm Diogo and I've raised the issues #357 and #809 contributing with some security enhancements. I'll happily continue contributing with such improvements (it's literally my job, see [my profile]…
-
To know more about how our open-source scores
### Ref
- https://github.com/marketplace/actions/ossf-scorecard-action
- https://www.zdnet.com/article/google-announces-scorecard-v4-in-partnership-with-github…
-
### Motivation
Scorecards are a universal way to "grade" a project, using multiple metrics like security, quality, frequency of updates... Providing this score and being able to monitor its evolu…
-
### Discussed in https://github.com/ossf/scorecard/discussions/3270
Originally posted by **claudioandre-br** July 15, 2023
Hi,
I'm receiving this warning:
```
"Warn: downloadThenRun not …
```
-
**If you are reporting *any* crash or *any* potential security issue, *do not*
open an issue in this repo. Please report the issue via emailing
envoy-security@googlegroups.com where the issue will b…
-
OpenSSF score card fails because workflow files do not define GH token permissions:
https://github.com/ossf/scorecard/blob/main/checks/checks.md#token-permissions