Open ivankatliarchuk opened 3 months ago
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale is applied
lifecycle/stale was applied, lifecycle/rotten is applied
lifecycle/rotten was applied, the issue is closed
You can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
What would you like to be added:
Example coredns https://github.com/coredns/coredns/blob/master/.github/workflows/scorecards.yml
Example helm https://github.com/helm/helm/issues/13243
OpenSSF Scorecard https://github.com/ossf/scorecard
Add GitHub Action https://github.com/ossf/scorecard-action
Maintainers need to add PAT token https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Current Score is 5.0 https://scorecard.dev/viewer/?uri=github.com/gofogo/k8s-sigs-external-dns-fork
Why is this needed:
This project is a collaborative effort between the CNCF and Google's Open Source Security Team to improve security practices across various CNCF projects. The focus is identifying and addressing security vulnerabilities, integrating security tools like OSS-Fuzz, and enhancing build and release security processes. The goal is to get all CNCF projects to use scorecards (focusing on graduated/incubating projects first) and to remediate some of the findings.