-
### 🔖 Feature description
Hi, I'm Harshita. I’m working with [CNCF and the Google Open Source Security Team for the GSoC 2024 term](https://github.com/cncf/mentoring/issues/1196). We are collaborat…
-
### Description
I would like to suggest a security practice recommended by the [OpenSSF Scorecard][scorecard-repo] which is to hash pin dependencies to prevent dependency-confusion, typosquatting a…
-
**Is your feature request related to a problem? Please describe.**
Based on Scorecard findings [I have minimized the permissions of all tokens in our project](https://github.com/edgelesssys/constella…
-
Hello,
Over the past couple of months, I've noticed a recurring issue where Allstar returns 404 error messages when attempting to enforce branch protection, as shown in the logs below, causing the …
-
I've just been looking at adding support for publishing results from GitLab CI for a few of my projects.
I've just hit #511 with [my test repo](https://gitlab.com/tanna.dev/hacking/scorecards-gitla…
-
Hello!
There are changes in your OpenSSF Scorecard report.
Please review the following changes and take action if necessary.
## Summary
There are changes in the following repositories:
| Repos…
-
The risk calculation algorithm (in oss-risk-calculator) is pretty basic, combining project health (from oss-health) and the number of high-risk characteristics (from oss-characteristic), then normaliz…
-
# Description
On reviewing the GitHub Action workflows, we found that one was too complicated for maintainability. Its complexity constrains the ability to reason and debug, and this is limiting ou…
-
GUAC is looking to do a PoC with both maintainers of open source projects and end users into par due to a larger effort in the Security Toolbelt.
I spoke to @SecurityCRob that we don't currently ha…
-
At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token perm…