-
In order to request the OpenSSF badge on the repo we need to fulfill the following requirements: https://www.bestpractices.dev/en/criteria/0
Expanding here for better tracking:
## Basics
- [x] The pro…
-
Check out docs: https://clomonitor.io/docs/topics/checks/#signed-releases-from-openssf-scorecard
-
A number of SW supply chain (SWSC) best practices frameworks have come out of CISA, NIST, and the OpenSSF. This issue tracks the implementation plan for meeting these practices.
Implementing these …
-
Hi, would you be willing to adopt the [Scorecard Github Action][sc-gha]? It proactively runs the [Scorecard][sc] on the repository and warns you in case of any Security Practice that may have changed (…
-
Hi, I am Joyce and I'm working on behalf of Google and the [Open Source Security Foundation][ossf] (OpenSSF) to help essential open-source projects improve their supply-chain security.
I would like…
-
**Is your feature request related to a problem? Please describe.**
Memory safety comes up quite frequently these days in regard to developing secure and safe software. Yet there are hardly any autom…
-
At the moment it's possible to merge commits where a reviewer left an LGTM stamp in Reviewable.
This isn't viewed as "accepted" by GitHub, leading to false positives on the OpenSSF scorecard check …
-
**Is your feature request related to a problem? Please describe.**
Open-source supply-chain attacks are [increasing every year][sonatype]. Beyond the infamous [SolarWinds][solarwinds] and [Codecov][c…
-
I am one of the maintainers of https://github.com/ossf/scorecard which is an OSS project which helps in identifying security issues in OSS.
We have a check for https://github.com/ossf/scorecard/blo…
-
Now that the MVP exists, let's talk about building/expanding upon it. Some ideas include but are not limited to:
## Front-end
- [x] Timeboxed Reports for Projects (Weekly/Monthly)
- [x] Timeboxed…