KhronosGroup / SPIRV-Tools

Apache License 2.0

Enable OpenSSF Scorecard Action and Badge #5369

Closed joycebrum closed 1 year ago

joycebrum commented 1 year ago

Hi! I'm Joyce again (#5324 and #5147) and I'd like to bring another security suggestion.

Enabling the OpenSSF Scorecard Action can help identify supply chain security best practices to work on. The action's alerts appear on the Security Dashboard and can be either dismissed or addressed.

It is good to be aware of some security practices and to be notified once a new security practice is established for open source projects.

Additionally, it is also possible to include a badge that shows the result of the scorecard analysis and link to a viewer with the outputs.

Let me know if you are interested in this action and/or badge and I'll submit a PR configuring it ASAP!

s-perron commented 1 year ago

This sounds like a reasonable idea. We would accept a PR that enables these checks.