-
**Is your feature request related to a problem? Please describe.**
Should Scorecard run a security scan on repositories, with something like https://github.com/coinbase/salus?
-
I'm a PhD student interested in finding security vulnerabilities in open source projects.
We found a total of 16 warnings (indicating potential vulnerabilities) when running the CogniCrypt static an…
-
Interested to hear people’s opinions about the code scanning and policy checking tools we should be using on our repos. These cover static analysis security testing (SAST) and supply chain management …
-
**Description**
This is a placeholder issue to indicate and describe the area of problems and let contributors help with providing fixes.
At the time of the creation of this ticket, I integrated …
-
> This prev. open PR could contain useful inputs: https://github.com/OWASP/owasp-mastg/pull/2604/files#diff-a6472df266173afc665035280a844525ce81374d2b343070dfd37a24deffa541
## Description
Create…
-
### Description
There is an API to query results for the repo
https://github.com/ossf/scorecard?tab=readme-ov-file
### Tasks
- docs: they must add the OSSF GitHub Action - can this be done w…
-
## ENVIRONMENT
```
OS and Version: Win11 21H2 22000.16963.
Python Version: python 3.8.8
MobSF Version: v3.6.3Beta
```
## EXPLANATION OF THE ISSUE
```
I can check some old version of this…
```
-
### What's the problem this feature will solve?
This is following on from https://github.com/pypa/pip/issues/12564 to discuss whether pip maintainers would be interested in enabling [CodeQL SAST sc…
wwuck updated 6 months ago
-
Many open source projects only have one maintainer. How will they meet the 2 person review requirement? Are tools like automated code reviews in scope for meeting this requirement?
-
ref https://github.com/microsoft/sarif-tutorials/tree/main/samples
This allows you to view messages through GitHub security alerts.