Closed tdrozdovsky closed 2 years ago
OpenSSF ScoreCard status of the Edge-Orchestration project

| SCORE | NAME | REASON |
|---|---|---|
| 10 / 10 | Binary-Artifacts | no binaries found in the repo |
| 0 / 10 | Branch-Protection | branch protection not enabled on development/release branches |
| 10 / 10 | CI-Tests | 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 |
| 7 / 10 | CII-Best-Practices | badge detected: silver |
| 10 / 10 | Code-Review | GitHub code reviews |
| 10 / 10 | Code-Review | GitHub code reviews found for 30 commits out of the last 30 -- score normalized to 10 |
| 10 / 10 | Contributors | 3 different companies found -- score normalized to 10 |
| 0 / 10 | Dependency-Update-Tool | no update tool detected |
| 0 / 10 | Fuzzing | project is not fuzzed in OSS-Fuzz |
| 10 / 10 | Maintained | 30 commit(s) found in the last 90 days -- score normalized to 10 |
| ? | Packaging | no published package detected |
| 5 / 10 | Pinned-Dependencies | unpinned dependencies detected -- score normalized to 5 |
| 10 / 10 | SAST | SAST tool is run on all commits |
| 0 / 10 | Security-Policy | security policy file not detected |
| 10 / 10 | Signed-Releases | 5 out of 5 artifacts are signed -- score normalized to 10 |
| 0 / 10 | Token-Permissions | non read-only tokens detected in GitHub workflows |
| 10 / 10 | Vulnerabilities | no vulnerabilities detected |

@tdrozdovsky What do you think of applying an action of scorecards? Please refer to the blog
@t25kim Thanks for the information! This is good news. I will study it. And I will try to implement it in our project.
@t25kim I tested it. Everything works well. To implement it, we need to have admin rights to configure it. I will create a ticket to configure this.