haraldk / TwelveMonkeys

TwelveMonkeys ImageIO: Additional plug-ins and extensions for Java's ImageIO
https://haraldk.github.io/TwelveMonkeys/
BSD 3-Clause "New" or "Revised" License

Add OpenSSF Scorecard Workflow #789

Closed joycebrum closed 1 year ago

joycebrum commented 1 year ago

Hi, it's Joyce again and I've got another security suggestion for TwelveMonkeys.

Is your feature request related to a use case or a problem you are working on? Please describe.

It is related to increasing the project's supply chain security in order to prevent and mitigate many attack vectors.

Describe the solution you'd like

I'd like to suggest that the project add the OpenSSF Scorecard Action. The OpenSSF Scorecard runs a "meta-analysis" of the project's security posture, and the Action then populates the project's Security Panel with possible improvements to its security posture.

The project's current score is 7.2 out of 10, which puts TwelveMonkeys in the top 8% of relevant projects!

It was through Scorecard that I've detected the issues fixed in #733, #741 and #748. The Action would simply do the same thing, letting you know if there's anything you can do to improve TwelveMonkeys' security. The Security Panel notifications include not only the reasoning for each check's score, but also remediation steps.

If you're interested, let me know and I'll send a PR!

haraldk commented 1 year ago

Hi Joyce,

Thank you for your contributions so far! And yes, I would like a PR for enabling scorecard action, that would be nice. 😀