-
**Describe the bug**
When running Scorecard against this repo https://github.com/tngan/samlify I get a score of 0 on the Dependency Update Tool check, however the repo does have dependabot.
**Reprod…
-
The [flutter/samples](https://github.com/flutter/samples) repository scorecard runs fail to detect the dependabot file even though [the file](https://github.com/flutter/samples/blob/master/.github/dep…
-
At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token perm…
-
**Is your feature request related to a problem? Please describe.**
Scorecard exits with an exit status of zero (0) under many circumstances: for instance when there are internal errors.
Scripts a…
-
Fill out openssf scorecard best practices form
Add badge to main page (like is shown at https://github.com/ebpf-for-windows)
-
Related issue submitted to SLF4J/logback projects by @varunsh-coder Varun Sharma [varunsh@stepsecurity.io](mailto:varunsh@stepsecurity.io)
GitHub recommends defining minimum GITHUB_TOKEN permission…
-
At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token perm…
-
**Describe the bug**
Logged into GitHub, using the GitHub Web User Interface and selecting "New repository" to create a new repository and then running scorecard against that new repo causes:
pani…
-
At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token perm…
-
I ran the [OpenSSF's scorecard](https://github.com/ossf/scorecard) on this project and found that branch protection and code reviews are not enforced.
I chatted with @josepalafox and he suggested I…