-
Related issue submitted to SLF4J/logback projects by @varunsh-coder Varun Sharma [varunsh@stepsecurity.io](mailto:varunsh@stepsecurity.io)
GitHub recommends defining minimum GITHUB_TOKEN permission…
-
**Describe the bug**
Logged into GitHub, using the GitHub Web User Interface and selecting "New repository" to create a new repository and then running scorecard against that new repo causes:
pani…
-
At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token perm…
-
I ran the [OpenSSF's scorecard](https://github.com/ossf/scorecard) on this project and found that branch protection and code reviews are not enforced.
I chatted with @josepalafox and he suggested I…
-
There are exactly two standard ways of specifying dependencies, neither of which dependabot supports.
1. [PEP 517’s `prepare_metadata_for_build_wheel()`](https://www.python.org/dev/peps/pep-0517/#prepar…
-
**Describe the bug**
A clear and concise description of what the bug is.
**Reproduction steps**
From https://github.com/ossf/scorecard#scoring
I think the above info is not right, as highe…
-
gostaging is broken due to https://github.com/ossf/scorecard/pull/1898.
One way to fix it is for the go code to grab env variables and call scorecard CLI/API with the correct options set. This deco…