-
It is desired that all TIs have a PR filed and approved by the TAC that documents where they are within the TI Lifecycle:
https://github.com/ossf/tac/blob/main/process/working-group-lifecycle.md
h…
-
### Summary
We recently added OpenSSF Scorecard to the repository; on the initial scan, it found a few actionable items.
### Why is this needed?
OpenSSF Scorecard scanner found minor issues with th…
-
The OpenSSF ScoreCard for my project doesn't recognise the best practice badge due to case-sensitivity (see https://github.com/ossf/scorecard/issues/3466 and https://github.com/coreinfrastructure/best…
-
### Describe what should be investigated or refactored
We need to set up the `defenseunicorns/pkg` repo in order to have a home for all of the different libraries that we are seeking to make reusable…
-
Hello from the OpenSSF Security Insights team!
Security Insights is a specification for expressing security-relevant metadata about a project in a machine-readable format. It allows you to express …
-
As per discussion https://github.com/open-quantum-safe/boringssl/pull/115#issuecomment-2089779310
- [x] Create CI image(s) with Ubuntu 22 & 24
- [ ] Deploy in CI testing
(- [ ] Create reminder…
-
**Describe the bug**
Cannot scan self-hosted (private) GitLab repositories
**Reproduction steps**
Steps to reproduce the behavior:
1. See screenshot
Shouldn't this be possible acc. to your blo…
-
*Description*:
Envoy Gateway should adhere to [CNCF guidelines for dependency licenses](https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md). As an Apache-2.0 project, …
guydc updated
5 months ago
-
# Issue Description
Resolve items in the 'Token Permissions' category as per reported from https://securityscorecards.dev/viewer/?uri=github.com/intel/intel-xpu-backend-for-triton
How to resolve: …
-
We are getting error "fetch failed" when targeting the new version v4.2.3 for some of our repos.
Targeting v4.1.3 works fine. There was a similar issue a while back: #609.
I see no difference in th…