-
At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token perm…
-
**Is your feature request related to a problem? Please describe.**
Scorecard exits with an exit status of zero (0) under many circumstances: for instance when there are internal errors.
Scripts a…
-
Related issue submitted to SLF4J/logback projects by @varunsh-coder Varun Sharma [varunsh@stepsecurity.io](mailto:varunsh@stepsecurity.io)
GitHub recommends defining minimum GITHUB_TOKEN permission…
-
**Describe the bug**
Logged into GitHub, using the GitHub Web User Interface and selecting "New repository" to create a new repository and then running scorecard against that new repo causes:
pani…
-
At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token perm…
-
At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token perm…
-
I ran [OpenSSF's scorecard](https://github.com/ossf/scorecard) on this project and found that branch protection and code reviews are not enforced.
I chatted with @josepalafox and he suggested I…
-
At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token perm…
-
**Describe the bug**
A clear and concise description of what the bug is.
**Reproduction steps**
From https://github.com/ossf/scorecard#scoring
I think the above info is not right, as highe…
-
gostaging is broken due to https://github.com/ossf/scorecard/pull/1898.
One way to fix it is for the go code to grab env variables and call scorecard CLI/API with the correct options set. This deco…