Open pjbgf opened 2 years ago
The statistics shown there are outdated, as we moved from <semver> to <module>/<semver> after the creation of the repository. See e.g. https://deps.dev/go/github.com%2Ffluxcd%2Fpkg%2Fruntime
@hiddeco the security advisories are indeed out of date. But the OpenSSF scorecard is at GitHub repository level, so should be the same across all modules.
Hey folks, (new) Scorecard maintainer here! I see @pjbgf on OpenSSF, but just wanted to invite you all to file feature requests/bugs on https://github.com/ossf/scorecard/issues and we'll take a peek. :)
There's an easy way to keep track of scorecard issues using the action https://github.com/ossf/scorecard-action. It's integrated in the GitHub scanning dashboard. Don't forget that the hard work you put in could be rewarded via sos.dev!
@justaugustus okie dokie, I previously reported issues by email. From now on will do via that repo. Thanks for the heads up. :+1:
There's an easy way to keep track of scorecard issues using the action https://github.com/ossf/scorecard-action
@laurentsimon nice one, I will take a look at the action.
"The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects."
As of 3rd January, fluxcd/pkg scores 6.2/10. For the latest score, check deps.dev or manually execute scorecard.
Areas to focus on: