-
I'd like to propose to evaluate and (selectively) adopt secure software development best practices recommended by the Open Source Security Foundation (OpenSSF) [1]. The OpenSSF Scorecard project check…
gkunz updated
9 months ago
-
https://securityscorecards.dev/
-
We've recently been exploring the use of OpenSSF Scorecard Monitor for our various open source organizations, but hit a roadbump after finding that Scorecard Monitor was only discovering a handful of …
lelia updated
9 months ago
-
**Describe the bug**
I'm unable to run scorecard on a local directory of source code.
**Reproduction steps**
Steps to reproduce the behavior:
1. UPSTREAM=https://ftp.gnu.org/gnu/hello/hello-2.12…
-
# Problem space:
Projects may experience intermittent or long periods of inactivity; in some cases such inactivity is an indicator that a project is declining and needs attention. Attention can be on…
-
Adding a Security Policy is important to provide guidance on how users can report potential vulnerabilities and communicate when vulnerabilities will be confirmed, fixed and disclosed to the public.
…
-
### Motivation
Follow the best practices from OpenSSF and automate it with GH Actions.
Useful links:
- [OpenSSF best practices](https://www.bestpractices.dev/en)
- File existence verification…
-
### Summary
Badges are useful indicators for quick information and the Python project utilises some of them, like OpenSSF Scorecard, supported runtimes, etc. We should review which badges we can use si…
am29d updated
8 months ago
-
While trying out this action, I'm encountering the error: "GraphQL: Resource not accessible by integration (addComment)".
I tried passing the `GITHUB_TOKEN` environment variable, setting the `pull-…
-
## Time
**UTC Thu 11-Apr-2024 14:00 (02:00 PM)**:
| Timezone | Date/Time |
|---------------|-----------------------|
| US / Pacific | Thu 11-Apr-2024 07:00 (07:00 AM) |
| US / Mou…