-
When deciding whether to approve a new dependency, I've been informally checking for a few criteria. We should formalize these criteria, so I've put them into this checklist:
* [ ] **Actively maint…
-
I'd like to propose to evaluate and (selectively) adopt secure software development best practices recommended by the Open Source Security Foundation (OpenSSF) [1]. The OpenSSF Scorecard project check…
gkunz updated 5 months ago
-
I'd like to propose to evaluate and (selectively) adopt secure software development best practices recommended by the Open Source Security Foundation (OpenSSF) [1]. The OpenSSF Scorecard project check…
gkunz updated 9 months ago
-
**Is your feature request related to a problem? Please describe.**
I am frustrated that Scorecard requires projects to have an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.core…
-
See [OpenSSF scorecard project](https://github.com/ossf/scorecard/tree/main?tab=readme-ov-file#openssf-scorecard).
Related:
- #23
- #25
-
Hi, I am Joyce and I'm working on behalf of Google and the [Open Source Security Foundation][ossf] (OpenSSF) to help essential open-source projects improve their supply-chain security.
I would like…
-
An example of a project using OSSF
| Project | Pipeline source code | Results visualized |
| ----------- | ----------- | ----------- |
| NumPy | [actions yaml file ](https://github.co…
-
**Is your feature request related to a problem? Please describe.**
Open-source supply-chain attacks are [increasing every year][sonatype]. Beyond the infamous [SolarWinds][solarwinds] and [Codecov][c…
-
### 💻
- [X] Would you like to work on this feature?
### What problem are you trying to solve?
Hi, I am Joyce from Google and I'm working on behalf of the [Open Source Security Foundation][ossf] (Op…
-
Check out docs: https://clomonitor.io/docs/topics/checks/#signed-releases-from-openssf-scorecard