-
There are great metrics for software health provided by CHAOSS: https://chaoss.community/kbtopic/software/. It would be brilliant to use some of these if it is possible to query on those for a given r…
-
Thank you for this wonderful package. I am stuck with an issue and was wondering if anyone could help me out.
I'm trying to display the following readme html response I get from `https://api.github.c…
ERy03 updated
3 months ago
-
Hello!
There are changes in your OpenSSF Scorecard report.
Please review the following changes and take action if necessary.
## Summary
There are changes in the following repositories:
| Repos…
-
At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token perm…
-
Hello! I’d like to propose the addition of a SECURITY.md file to this repository. This would make it easier for users/developers to report security vulnerabilities responsibly improving the project’s …
-
After bumping to [v1.12.0](https://github.com/pypa/gh-action-pypi-publish/discussions/287) publishing to TestPyPI is failing:
```log
Unable to find image 'ghcr.io/pypa/gh-action-pypi-publish:61da1…
-
### Description
Hi again, I'd like to suggest another security practice recommended by the [OpenSSF Scorecard][scorecard-repo] which is to hash pin dependencies to prevent dependency-confusion, typ…
-
*Title*: *Improvement of OpenSSF Scorecard Score*
*Description*:
Hi, I'm Harshita. I’m working with [CNCF and the Google Open Source Security Team for the GSoC 2024 term](https://github.com/cncf/m…
-
**Is your feature request related to a problem? Please describe.**
There's a discrepancy between how good a given score ***is*** and how it ***feels***. A 7/10 ***feels*** like a passing grade at be…
-
### Required prerequisites
- [X] Make sure you've read the [documentation](https://pybind11.readthedocs.io). Your issue may be addressed there.
- [X] Search the [issue tracker](https://github.com/pyb…