-
Adding minimum permissions to GitHub workflows is important to protect your repository against supply-chain attacks. The `fuzz.yml` workflow just needs minimum permissions `contents: read` and `tests.yml…
-
Hey Kubernetes Community,
I'd like to self-nominate to continue my service on the Kubernetes Steering Committee.
I have had the honor of holding governance roles within this project since 2018 (…
-
Adding minimum permissions to your workflows can help keep your repository safer against supply-chain attacks. I see your repo has 2 workflows, `ci.yml` and `release.yml`. `ci.yml` needs just `content…
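The `contents: read` recommendation in this post and in the `fuzz.yml` post above both boil down to the same workflow change, so here is one added example (not the repository's own workflows and not part of either issue). It assumes a `ci.yml` that only tests the checkout and a `release.yml` that must create a GitHub release; the `make` targets and the `v4` action tags are placeholders, and in practice actions should be pinned to a full commit SHA. The point to notice is that without a top-level `permissions:` key the `GITHUB_TOKEN` inherits the repository default, which may be read-write for every scope; the hardened form sets read-only at the workflow level and elevates a single scope in the single job that needs it:

```yaml
# --- ci.yml: the whole workflow only reads the checkout ---
name: ci
on: [push, pull_request]

# Without this block the token would carry the repository-wide default scopes.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # placeholder tag; pin to a commit SHA
      - run: make test              # assumption: the project's test entry point
---
# --- release.yml: read-only by default, contents: write in one job only ---
name: release
on:
  push:
    tags: ['v*']

permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make dist              # assumption: produces release artifacts in dist/
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  publish:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write   # the only job allowed to write to the repository
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      - env:
          GH_TOKEN: ${{ github.token }}
        run: gh release create "${GITHUB_REF_NAME}" --repo "${GITHUB_REPOSITORY}" dist/*
```

A job-level `permissions:` block replaces, rather than extends, the workflow-level one, so the `publish` job here ends up with `contents: write` and nothing else; a compromised step in `build` or in `ci.yml` still holds only a read-only token.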
-
Hey, it's Pedro (see #1329 and #1342) and I've got another security suggestion for libavif!
I'd like to suggest that the project add the [OpenSSF Scorecard Action](https://github.com/ossf/scorecard…
-
Hello OPTEE team,
I recently came across the `OpenSSF scorecard` which assesses the security of open-source projects.
Does it make sense to run this on all the OPTEE repositories?
**References:*…
-
Follow-up to #221
### GitHub Username
@agilgur5
### Sub-project(s)
Promotion is requested for the following sub-project(s).
- [ ] Argo CD
- [ ] Argo Events
- [ ] Argo Rollouts
- [x] …
-
Flagging supply-chain security issues is important for you to be aware of where your repository is vulnerable to these attacks and act upon it. Supply-chain attacks aim for your development, build and…
-
Hey, I'm Diogo and I've raised the issues #1421 and #1461 contributing with some security enhancements. I'll happily continue contributing with such improvements (it's literally my job, see [my profil…
-
Section: Build Risk Assessment
Points:
- Does the software have an SBOM? (3 points)
- Does the SBOM score well on [`sbom-scorecard`](https://github.com/justinabrahms/sbom-scorecard)? (7 points)
…
-
The latest update to scorecard mentioned that there's a nicer viewer for the scorecard data now. Our link is here:
https://securityscorecards.dev/viewer/?uri=github.com/intel/cve-bin-tool
It wou…