Closed gabibguti closed 1 year ago
Hey @gabibguti
Welcome to the Ultimaker Cura GitHub 🚀 Sorry it took us a while to get back to you 😞
I'm not very knowledgeable when it comes to the build environment, but this looks like a really good suggestion. Thank you 😄
I'll bring it up with the team to see if this is something we can implement. Fingers crossed 🤞
Hi! I just added the badge. Thanks for the suggestion. Sorry this took a while, it got stuck on the side-tasks board.
Is your feature request related to a problem?
This feature request is related to improving the project's security posture. There are some best practices that could be raised and encouraged in Cura, such as ensuring all releases are signed and following the least-privilege rule for GitHub Workflows.
Describe the solution you'd like
I would like to suggest using the Scorecards tool to perform automated security checks and help maintainers better understand where in the supply chain the repository could be compromised. The tool is developed by the Open Source Security Foundation, in partnership with GitHub.
Describe alternatives you've considered
.
Affected users and/or printers
Cura maintainers, Cura users and the Open Source community. We all could benefit from viewing that the repository is concerned about security, that the repository is acting to improve the supply-chain security, and raising awareness to help us all build and consume more secure software.
Additional information & file uploads
Additional context about me:
I currently work on behalf of Google and the Open Source Security Foundation helping open-source projects to improve their supply-chain security.
Additional context about Scorecards:
The Scorecard GitHub Action is very lightweight and runs on each change to the repository's main branch. The results of its checks are available on the project's security dashboard and include suggestions on how to solve any issues (see examples below). The Action does not run or interact with any workflows, but merely parses them to identify possible vulnerabilities. Over 1600 projects have added the action already.