-
In accordance with OpenSSF's recommendations, we should be cryptographically signing our GitHub releases with a GPG key.
* OpenSSF Guidance: https://github.com/ossf/scorecard/blob/4edb07802fdad892f…
-
Hey dear security team,
I was made aware of the [OpenSSF program](https://openssf.org/) in the course of Google Summer of Code. There are two actions I'm trying to set up for JupyterLab:
- [OpenSS…
-
Hi I am Joyce from Google and I'm working on behalf of the [Open Source Security Foundation][ossf] (OpenSSF) to help open source projects to improve their supply-chain security. Considering how qs pro…
-
While discussing Issue #9, it was brought up that we should try to add Trusted Publishers, SLSA signing to reporeview and then also look at the OpenSSF scorecards to see if there are things we care ab…
-
Proposal to fine-tune the questions in the new project template: https://github.com/hpsfoundation/tac/blob/main/.github/ISSUE_TEMPLATE/new-project-proposal.md
Moved out from #2
I think also rel…
-
Lately, I've been looking a bit at [OpenSSF Scorecard](https://securityscorecards.dev/), it is a security assessment for open source projects.
You can see the current score here: https://securitys…
-
Dear Fluid TOC members and maintainers,
I am proposing to have Shunli Feng (GithubID: fengshunli) as a new committer.
Shunli Feng is a partner of a startup company. He has worked in cloud-nativ…
-
Hi, would you be willing to adopt the [Scorecard Github Action][sc-gha]? It proactively runs the [Scorecard][sc] on the repository and warns you in case of any Security Practice that may have changed (…
-
**Is your feature request related to a problem? Please describe.**
Memory safety comes up quite frequently these days in regards to developing secure and safe software. Yet there are hardly any autom…