-
**Description**
I am opening this to ask if there's a contributor ladder defined for sigstore.
How do I become an org member?
I would be happy to help do PR's reviews here, hoping to work to…
-
As discussed during the last TAC, sigstore is interested in joining the OpenSSF as a project. This issue is to facilitate discussions within the TAC.
sigstore is an open source answer to software s…
-
This is mostly inspired by https://github.com/google/oss-fuzz/issues/6836
I agree with @jonathanmetzman that it doesn't make much sense to point CIFuzz to anything other than the master branch (in …
-
**Describe the bug**
I took a sample of 300+ repositories and Branch-Protection is failing in all of them. Are we sure this check is working?
This is failing for `scorecard` also
```SELECT h.C…
-
**Describe the bug**
One of scorecard requirements is "frozen dependencies". In Ruby applications, including Rails, frozen dependencies are implemented via a `Gemfile.lock` file. However, such Ruby a…
-
**Is your feature request related to a problem? Please describe.**
Hi everyone,
I'm trying to consume scorecards from google storage available at `gs://ossf-scorecards/`. The last entry I can se…
-
Hello, Thoth-station!
This Issue would be used for the current sprint cycle production release.
By the end of the sprint cycle, we will consolidate the information of thoth-station components feat…
-
Hello Team,
Description:
I tried running scorecard using
1. Docker
When i run `"docker run -e GITHUB_AUTH_TOKEN=ghp_7ta6StgyRpazkjmuSZF0Loe5WmRr3xxxxxx gcr.io/openssf/scorecard:latest -…
-
The scorecard is failing to refresh (downloading latest data from BigQuery), investigating. The other data refreshed successfully.
-
**Description**
Run https://github.com/ossf/scorecard provides a way to automate analysis and trust decisions on the security posture.
Scorecard takes the best practices and automates to help improv…