-
The [OpenSSF Scoring workflow](https://github.com/nodejs/security-wg/actions/runs/4394801710/jobs/7696070088) is failing as we have changed the rules in the repo to make `main` a protected branch:
…
-
**Is your feature request related to a problem? Please describe.**
Adding a Security Policy is important to provide guidance on how users can report potential vulnerabilities and communicate when vul…
-
## Description
I would like to suggest another security practice recommended by the [OpenSSF Scorecard][scorecard-repo] which is to hash pin dependencies to prevent typosquatting and tag renaming a…
-
Description: Develop an automated framework to evaluate the security posture for CNCF graduating projects.
Impact: The impact of this automated framework will be to easily evaluate the security p…
-
The Secure Software Factory (https://github.com/thesecuresoftwarefactory/ssf) that was demoed on the 19th is now approved to move into the OpenSSF under this WG.
We have a few logistical items to h…
-
One of the options for earning points in this hackathon is "PM - Backlog Management" which doesn't entirely lend itself to explicit issues but here's a few project management places where I know I cou…
-
**Description**
https://github.com/ossf/scorecard
-
Based on @jenniferfernick's comment here: https://github.com/ossf/tac/pull/41#discussion_r538574702
I decided to take a quick look at what "resources" WGs are currently using and what they might wa…
-
As discussed on today's (3/1/23) phone call, I'm putting together a paper with the default compiler options used by each independent Linux distro.
https://docs.google.com/document/d/1QGyDVgu0bGdKkd…
-
## Description
I would like to suggest another security practice recommended by the [OpenSSF Scorecard][scorecard-repo] which is to hash pin dependencies to prevent dependency-confusion and typosqu…
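The two hash-pinning requests above boil down to one check: every third-party action (or container image) a workflow pulls in should be referenced by an immutable digest, not a mutable tag or branch that an upstream maintainer, or someone who takes over the upstream, can re-point. The following is an added example, not code from either issue, from the OpenSSF Scorecard, or from the security-wg repository: a small scanner that flags unpinned `uses:` references in a workflow. The workflow text is constructed for the example, and the 40-hex digest in it is a placeholder, not a real commit of `actions/setup-node`.

```python
import re

# Constructed sample workflow for the example (not from any real repository).
# The 40-hex value below is a placeholder, not a real commit SHA.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@0000000000000000000000000000000000000000 # v3.6.0
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.18
      - run: npm ci
"""

# Matches a step's `uses:` line and captures the reference up to the first
# whitespace, so a trailing "# v3.6.0" comment is not part of the ref.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
# A full git object id: 40 lowercase hex digits.
GIT_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_uses(ref):
    """Classify one `uses:` value as 'pinned', 'unpinned' or 'skip'.

    - Local actions (./path) live in the same repo and need no pin.
    - docker:// images count as pinned only with an @sha256: digest.
    - Everything else is pinned only if the part after '@' is a full SHA;
      a tag like v3 or a branch name is mutable and therefore unpinned.
    """
    if ref.startswith("./"):
        return "skip"
    if ref.startswith("docker://"):
        return "pinned" if "@sha256:" in ref else "unpinned"
    if "@" not in ref:
        return "unpinned"  # no ref at all means the default branch
    _, version = ref.rsplit("@", 1)
    return "pinned" if GIT_SHA_RE.match(version) else "unpinned"


def find_unpinned(workflow_text):
    """Return [(line_number, ref)] for every mutable action reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if classify_uses(ref) == "unpinned":
            findings.append((lineno, ref))
    return findings


if __name__ == "__main__":
    for lineno, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: '{ref}' is not pinned to an immutable digest")
```

Run against a real `.github/workflows/*.yml`, the scanner reports `actions/checkout@v3`-style references that should become `owner/action@<full-sha> # vX.Y.Z`, keeping the human-readable version in a trailing comment so tools like Dependabot can still bump the pin. A digest pin stops tag renaming and repository takeover from silently changing what runs, but it does not by itself vet what the pinned commit does; that still requires reviewing the action's source at that revision.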