-
The goal of the task is to add an external link to [the following scorecard visualiser](https://github.com/KoolTheba/openssf-scorecard-api-visualizer#how-to-use-it) in the **Security Scorecard** tab.
…
-
Hi again,
I'd like to suggest a tool that might help on tracking supply-chain security practice improvements, which is the [OpenSSF Scorecard Action](https://www.github.com/ossf/scorecard-action)
…
-
**Describe the bug**
While comparing the scoring with the API:
- Request1: [Nodejs (bd31d489615b424202553ffe1a5093a19d5e5e1f)](https://api.securityscorecards.dev/projects/github.com/nodejs/nodejs.…
-
To avoid #595 again
This should simplify maintenance and improve reproducibility and confidence in the release artifacts (there's probably an OpenSSF standard somewhere for this to track down https…
g-k updated 11 months ago
-
Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are more vulnerable to attacks, such as the tag being move…
-
Hi @lemire! I just noticed you are also maintaining https://github.com/bits-and-blooms/bitset repository, to which I have been suggesting similar contributions. As in bits-and-blooms/bitset, I would l…
-
**Is your feature request related to a problem? Please describe.**
I am struggling to figure out the meaning of a flagged problem, and so I can't ameliorate it. Discussion with other programmers sk…
-
Hi, I'm working on behalf of Google and the OpenSSF to help Open Source Projects to improve Supply-Chain Security by following some security practices checked by [OpenSSF Scorecard](https://github.com/…
-
> Scorecard is an automated tool that assesses a number of important heuristics [("checks")](https://github.com/ossf/scorecard#scorecard-checks) associated with software security and assigns each chec…
-
### Describe the Feature
Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are more vulnerable to attacks,…