-
The enhancement may already be reported! Please search for the enhancement before creating one.
Please, can you add support for the deps.dev Google portal?
### Current Behavior:
no support
### Propose…
-
# Overview
As proposed in the 4/24/2022 biweekly meeting, a mission and vision statement will help guide present and future contributors. Our goal is to bring shared direction across contributors and…
-
OpenSSF scorecard was enabled for the core repo in https://github.com/containerd/containerd/pull/7404 but probably we don't want to maintain this for all the repos under the containerd org.
Can we …
-
**What would you like to be added**:
We recently ran `ossf/scorecard`[^1] over the `Syft` project and found some vulnerabilities; here is the output of the scan:
```shell
$ docker run -e GITHU…
```
-
As the maintainer of the source2adoc project,
I want to create a Proof of Concept (PoC) for integrating OpenSSF Scorecard
So that I can evaluate the security and health of the project both locally a…
-
In the huge "Software dependency chain" discussion there is a lot of talk about evaluating Open Source projects. OpenSSF has developed scorecards and work on this. What kind of competence is needed by…
-
### Motivation
Scorecards are a universal way to "grade" a project, using multiple metrics like security, quality, frequency of updates... Providing this score and being able to monitor its evolu…
-
Hi, I'm Harshita. I’m working with [CNCF and the Google Open Source Security Team for the GSoC 2024 term](https://github.com/cncf/mentoring/issues/1196). We are collaborating to enhance security pract…
-
### Current Behavior
Focus currently is on already known vulnerabilities.
### Proposed Behavior
There are projects like https://github.com/ossf/scorecard which calculate a security health sco…
-
### Discussed in https://github.com/ossf/scorecard/discussions/3270
Originally posted by **claudioandre-br** July 15, 2023
Hi,
I'm receiving this warning:
```
"Warn: downloadThenRun not …
```