Closed: 5minpause closed this 1 year ago
Hi, thanks for the issue and suggestion!
We have an internal security team that looks after our projects and makes sure that we do our best to keep our software safe. We have CI tools we're familiar with already and use them where necessary. The report from this tool doesn't give me confidence, as it already declared multiple things incorrectly. As such, I don't think we should add this.
I tested this project using OSSF Scorecard by the Open Source Security Foundation. Their aim is:
Unfortunately, this project only received a value of 6.2/10
Please follow these steps to add the Action to the code scanning suite to ensure this project continues to stay safe.

Steps to install the workflow
Results of the scan