-
Hi team! I think it would be beneficial for the project if we follow the recommendations from the [OpenSSF Scorecard](https://github.com/ossf/scorecard).
### Context
Many projects are part of th…
-
We should add OpenSSF Scorecard to this repository.
Reference: https://github.com/ossf/scorecard
-
There's a lot of overlap between CLOMonitor and Scorecard checks:
https://github.com/ossf/scorecard/blob/main/docs/checks.md
Ideally I'd like to port all CNCF CLOMonitor checks to Scorecard and un…
-
Would the project maintainers be interested in a PR to add the [OpenSSF Scorecard](https://github.com/ossf/scorecard) [GitHub action](https://github.com/ossf/scorecard-action) to the CI workflow? It …
wwuck updated 3 months ago
-
### What's the problem this feature will solve?
https://github.com/ossf/scorecard is a useful tool for analysing the project's security best-practices. It would be nice to see the pip project add th…
wwuck updated 2 months ago
-
Would you be interested if I submit a PR to add the OpenSSF Scorecard GitHub action?
https://github.com/ossf/scorecard
https://github.com/ossf/scorecard-action
Example from another project: htt…
wwuck updated 3 months ago
-
Cross reference with https://discuss.scientific-python.org/t/spec-8-supply-chain-security/1163
Copying from @tupui's original post there, areas of focus could be:
* [OpenSSF 4](https://openssf.o…
-
While discussing Issue #9, it was brought up that we should try to add Trusted Publishers, SLSA signing to reporeview and then also look at the OpenSSF scorecards to see if there are things we care ab…
-
# Summary
Closely related to #9769 and #11953
Can see our scores for OpenSSF Scorecard from the badge link here: https://api.securityscorecards.dev/projects/github.com/argoproj/argo-workflows
…
-
We recently applied and received the [OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/en/projects/7034) badge. OpenSSF has another quality assurance offering that we might conside…