-
## Problem statement
> **_While most approaches focus on guaranteeing the provenance of software components, this is only one side of sustainable software development. One other side is the focus o…
-
**Is your feature request related to a problem? Please describe.**
In the open-source ecosystem, developers can share the code on different platforms (GitHub, Bitbucket, self-hosted, etc.), and they h…
-
### Description of the issue
A YAML workflow needs to be added to the admin-portal to automate the gathering of metrics relating to its "security posture" (overall cybersecurity readiness and app…
-
`#SecuritySlam`
**What would you like to be added**:
The project cryptographically signs release artifacts.
**Why is this needed**:
Signing artifacts would boost the security of the pr…
-
Hello!
There are changes in your OpenSSF Scorecard report.
Please review the following changes and take action if necessary.
## Summary
There are changes in the following repositories:
| Repos…
-
At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token perm…
-
This will eliminate a lot of code from the repository.
Here are all the unique resources in this module.
```bash
✗ rg ^resource -ttf | cut -d'"' -f2 | sort | uniq
aws_cloudwatch_event_rule
aws…
```
-
**Host:** @angellk
**Note Taker:** @TheFoxAtWork
Recurring Items
* [LF Antitrust Policy](https://docs.google.com/presentation/d/1tNOOPWqZMMcUQjes7J-Fc8__5vGmNsxtZnfOw6dLlpc/edit?usp=sharing)
* [Rev…
-
### Description
There is an API to query results for the repo
https://github.com/ossf/scorecard?tab=readme-ov-file
### Tasks
- docs: they must add the OSSF GitHub Action - can this be done w…
-
### TL;DR:
I am very glad to announce that this repository is now part of the OSSF Organization, so **the Scorecard Visualizer is now an official tool in the OSSF Scorecard ecosystem**. :confetti_b…