-
I'd like to propose to evaluate and (selectively) adopt secure software development best practices recommended by the Open Source Security Foundation (OpenSSF) [1]. The OpenSSF Scorecard project check…
gkunz updated
8 months ago
-
Hi, would you be willing to adopt the [Scorecard GitHub Action][sc-gha]? It proactively runs the [Scorecard][sc] on the repository and warns you in case of any Security Practice that may have changed (…
-
**Is your feature request related to a problem? Please describe.**
Memory safety comes up quite frequently these days with regard to developing secure and safe software. Yet there are hardly any autom…
-
A number of SW supply chain (SWSC) best practices frameworks have come out of CISA, NIST, and the OpenSSF. This issue tracks the implementation plan for meeting these practices.
Implementing these …
-
### Describe the feature or problem you’d like to solve
In order to pass [this OpenSSF Scorecard check](https://github.com/ossf/scorecard/blob/a788a3830d285aa53488f5f479789925ba59de9b/docs/checks.m…
-
Check out docs: https://clomonitor.io/docs/topics/checks/#signed-releases-from-openssf-scorecard
-
Hi, I am Joyce and I'm working on behalf of Google and the [Open Source Security Foundation][ossf] (OpenSSF) to help essential open-source projects improve their supply-chain security.
I would like…
-
Hello!
### What is the feature you want to request?
OSV.dev is asking future additions to https://github.com/google/osv.dev?tab=readme-ov-file#third-party-tools-and-integrations to consider [ado…
-
### 💻
- [X] Would you like to work on this feature?
### What problem are you trying to solve?
Hi, I am Joyce from Google and I'm working on behalf of the [Open Source Security Foundation][ossf] (Op…
-
**Is your feature request related to a problem? Please describe.**
Open-source supply-chain attacks are [increasing every year][sonatype]. Beyond the infamous [SolarWinds][solarwinds] and [Codecov][c…