-
Hi!
I'm here to suggest that you set minimal permissions to your GitHub Workflows, because currently they don't specify the permissions for their jobs and their privileges are being determined by G…
-
Hi!
I'm here to suggest the definition of minimal permissions on your workflows, as it would harden your security against supply-chain attacks.
I see your workflows [publish-github.yml](https://…
-
### What would you like Renovate to be able to do?
I am writing to propose the integration of the Security Scorecard API (https://api.securityscorecards.dev/) into Renovate. This API offers a compreh…
-
Hello!
I'm Diogo and I work on Google's Open Source Security Team ([GOSST](https://github.com/diogoteles08#about-gosst-ghost)) in cooperation with the Open Source Security Foundation ([OpenSSF](http…
-
Adding a Security Policy is important to provide guidance on how people can report any potential vulnerabilities while also ensuring awareness of the vulnerabilities disclosure timeframe.
I recentl…
-
I was checking some issues regarding down machines (#3083, #3084...) and I thought that maybe we can implement a little dashboard in Grafana to check the machine status (ping + latencies) maybe SSH con…
-
I would like to suggest setting the permissions to the GitHub workflows as read-only on the [top level](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permission…
-
I'm using the [default GitHub Action workflow](https://github.com/ossf/scorecard-action#workflow-example), though with tags instead of commit hashes in https://github.com/brave/simplepadding/blob/mast…
-
## Time
**UTC Thu 11-May-2023 14:00 (02:00 PM)**:
| Timezone | Date/Time |
|---------------|-----------------------|
| US / Pacific | Thu 11-May-2023 07:00 (07:00 AM) |
| US / Mou…
-
Hi!
I'm Diogo and I work on Google's Open Source Security Team ([GOSST](https://github.com/diogoteles08#about-gosst-ghost)) in cooperation with the Open Source Security Foundation ([OpenSSF](https:/…