-
A number of SW supply chain (SWSC) best practices frameworks have come out of CISA, NIST, and the OpenSSF. This issue tracks the implementation plan for meeting these practices.
Implementing these …
-
Hi, I work at Google together with the OpenSSF to help open source projects improve their supply chain security by using the [OpenSSF Scorecard](https://github.com/ossf/scorecard) as a guide.
I wou…
-
Hey, I'm Diogo and I've raised issues #357 and #365, contributing some security enhancements. I'll happily continue contributing such improvements (it's literally my job, see [my profile]…
-
Check out docs: https://clomonitor.io/docs/topics/checks/#signed-releases-from-openssf-scorecard
-
When deciding whether to approve a new dependency, I've been informally checking for a few criteria. We should formalize these criteria, so I've put them into this checklist:
* [ ] **Actively maint…
-
While discussing Issue #9, it was brought up that we should try to add Trusted Publishers and SLSA signing to reporeview, and then also look at the OpenSSF scorecards to see if there are things we care ab…
-
An example of a project using OSSF
| Project | Pipeline source code | Results visualized |
| ----------- | ----------- | ----------- |
| NumPy | [actions yaml file ](https://github.co…
-
**Is your feature request related to a problem? Please describe.**
Memory safety comes up quite frequently these days in regards to developing secure and safe software. Yet there are hardly any autom…
-
Hi, I work on behalf of Google and the OpenSSF to help open source projects increase their supply chain security by using [OpenSSF Scorecard](https://github.com/ossf/scorecard) as a guide.
I wou…