input-output-hk / catalyst-voices

🎙️ Catalyst Voices provides a unified experience and platform including production-ready liquid democracy, meaningful collaboration opportunities & data-driven context for better onboarding & decisions.
https://input-output-hk.github.io/catalyst-voices/
Apache License 2.0
18 stars, 5 forks

🛠️ [TASK] : Add Scorecards supply-chain security Job #21

Open minikin opened 9 months ago

minikin commented 9 months ago

Implement a Scorecards supply-chain security job within the CI/CD pipeline to systematically evaluate and score the security posture of all dependencies in the software supply chain. This job will utilize automated tools to identify potential vulnerabilities, outdated libraries, and security misconfigurations. The scoring mechanism will aid developers and security teams in prioritizing updates and remediations, ensuring a secure and robust application environment.

jmgilman commented 9 months ago

This is a larger task within IOG. Might be worth checking on the status before we do our own thing.