-
Seems like the cron job isn't kicking off each day. Need to investigate.
-
As we now have a stable output of new contributions, reviews and releases, it's, I think, time to improve processes to ensure Stability and Security of the Project.
Having them will also further impro…
-
**Is this a bug report or feature request?**
* Feature Request
**What should the feature do:**
Hi, I'm Harshita. I’m working with [CNCF and the Google Open Source Security Team for the GSoC 2…
-
Interested to hear people’s opinions about the code scanning and policy checking tools we should be using on our repos. These cover static analysis security testing (SAST) and supply chain management …
-
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
When the scorecard GitHub action is us…
-
Hi :wave: as a project in the working group "[Identifying Security Threats](https://openssf.slack.com/archives/C01A50B978T)", we are working on the [SECURITY-INSIGHTS.yml specification](https://github…
-
Adding a Security Policy is important to provide guidance on how users can report potential vulnerabilities and communicate when vulnerabilities will be confirmed, fixed and disclosed to the public. W…
-
**Describe the bug**
flutter/flutter has branch protection enabled and required reviewers to 1 but scorecards still show an alert with a description that is set to 0
**Reproduction steps**
Steps …
-
As discussed on today's call - what are some key measurable security indicators we would like developers to see when they are selecting packages (e.g. NPM packages) to possibly bring into their web ap…
-
Hi! GitHub provides a setting in the repository to set restricted permissions when running workflows. Granting minimum access is a good security standard in general, but it's especially important in th…