-
In accordance with OpenSSF's recommendations, we should be cryptographically signing our GitHub releases with a GPG key.
* OpenSSF Guidance: https://github.com/ossf/scorecard/blob/4edb07802fdad892f…
-
Currently, the `RepoClient` data format uses primitive Golang types. This means that when certain values are not returned, the result struct will have default values set. This can lead to incorrect re…
-
Hi,
The scorecard function param says "model: A LogisticRegression model object."
…
-
From @/swinslow in https://github.com/ossf/scorecard/pull/1532#discussion_r792935609:
> (@justaugustus for visibility, I'm no longer employed by the LF, so I'm not speaking on their behalf here in …
-
Require GitHub tags to be signed as per https://github.com/ossf/scorecard/blob/main/checks/checks.md#signed-tags
-
Hey dear security team,
I was made aware of the [OpenSSF program](https://openssf.org/) in the course of Google Summer of Code. There are two actions I'm trying to set up for JupyterLab:
- [OpenSS…
-
At some point this scorecard was showing "+0%" but I'm unable to reproduce it. This would be a GDS bug.
 docs to learn more.
## Open
These updates have all …
-
the [deps.dev API](https://docs.deps.dev/api/v3alpha/) contains interesting package and repository information for a small number of ecosystems, including Scorecard data. I have an [open question](htt…
-
### Description
As an explorer user with little experience, I want to have more clarity on how the Wormhole stats chart is being reported to find more value in the data presented.
### Acceptance Cri…