-
Hi!
I'd like to suggest the definition of minimal permissions on your workflows, as it would harden your security against supply-chain attacks.
I see that your workflows don't specify the permiss…
-
### Is your feature request related to a problem? Please describe
Hi, I am Joyce from Google and I'm working on behalf of the [Open Source Security Foundation][ossf] (OpenSSF) to help open source proj…
-
What do you think about using the Open Source Security Foundation's Scorecards ([repo](https://github.com/ossf/scorecard))?
They check quite a long list of things, including branch protection rules, fuzzi…
-
## Time
**UTC Thu 02-Mar-2023 15:00 (03:00 PM)**:
| Timezone | Date/Time |
|---------------|-----------------------|
| US / Pacific | Thu 02-Mar-2023 07:00 (07:00 AM) |
| US / Mou…
-
This enables the OpenSSF Scorecard GitHub Action to help us ensure the project will continue to follow the open-source best practices or even improve any possible practice to avoid security risks and …
-
**Describe the bug**
Starting sometime after 2022-12-09, the command-line version of the Scorecard client returns this error message when running against any public GitHub repository:
```
$ ./score…
-
This issue is to receive nominations for the Best User Adopter Award 2022.
This award recognizes an individual, team or organization who have adopted Sigstore to secure and protect their software, …
-
Hi, I am Joyce and I'm working on behalf of Google and the [OpenSSF][ossf] to help essential open-source projects improve their supply-chain security. The OpenSSF is a non-profit foundation backed by …
-
### Describe the problem as clearly as you can
The GitHub workflows are not restricting the permissions. Restricting permissions in workflows can prevent attackers, once inside your workflow, from …
-
_This issue was automatically created by [Allstar](https://github.com/ossf/allstar/)._
**Security Policy Violation**
Project is out of compliance with Binary Artifacts policy: binaries present in sou…