-
## In what area(s)?
> /area runtime
> /area operator
> /area placement
> /area docs
/area test-and-release
## Describe the feature
The artifacts in a Dapr release are not signed. A si…
-
**Description**
Run https://github.com/ossf/scorecard provides a way to automate analysis and trust decisions on the security posture.
Scorecard takes the best practices and automates to help improv…
-
Hello, I am trying to check score of a pypi package babel but I think i might not be using it correctly.
What am I doing wrong? can i specify a specific version of the package?
Thanks
[root@docke…
-
I just testing and implementing harden-runner after starting with the scorecard action. Repo is here: https://github.com/jauderho/psfiles
So if the push is for actions to use commit hashes instead …
-
Hello, I created a centos 7 minimal virtual machine, installed docker, and ran:
docker run -e GITHUB_AUTH_TOKEN=*my token* gcr.io/openssf/scorecard:latest --show-details --repo=https://github.com/oss…
-
The cron runs the scorecard data for multiple repositories and it is published via the GCS bucket `gs://ossf-scorecards/`. It would be easier to consume this data if it can be published into BigQuery …
-
**Is your feature request related to a problem? Please describe.**
The scorecard docker images that are GitHub should be removed.
**Describe the solution you'd like**
Delete the docker images fro…
-
**Describe the bug**
The cron job seems to be looping. After completing a few hundred repos, it starts again from the top.
![image](https://user-images.githubusercontent.com/4825078/119745626-5f…
-
The cron stopped importing in biquery:
![image](https://user-images.githubusercontent.com/1714486/111888839-3582a000-89ae-11eb-9cd2-436a3415a0aa.png)
There's a way to debut this but I forget how r…
-
**Describe the bug**
The docker build for the cronjob is broken
```
docker build \
-t gcr.io/openssf/cron:latest \
-f ./cron/Dockerfile \
```
``` .
Sending build context to Dock…