lf-edge / edge-home-orchestration-go

Home Edge Project in LF Edge - Edge Orchestration for home edge devices to enable smart home use cases.
https://www.lfedge.org/projects/homeedge/
Apache License 2.0

OpenSSF ScoreCard status of the Edge-Orchestration #399

Closed tdrozdovsky closed 2 years ago

tdrozdovsky commented 2 years ago
OpenSSF ScoreCard status of the Edge-Orchestration project

| SCORE | NAME | REASON |
|---|---|---|
| 10 / 10 | Binary-Artifacts | no binaries found in the repo |
| 0 / 10 | Branch-Protection | branch protection not enabled on development/release branches |
| 10 / 10 | CI-Tests | 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 |
| 7 / 10 | CII-Best-Practices | badge detected: silver |
| 10 / 10 | Code-Review | GitHub code reviews |
| 10 / 10 | Code-Review | GitHub code reviews found for 30 commits out of the last 30 -- score normalized to 10 |
| 10 / 10 | Contributors | 3 different companies found -- score normalized to 10 |
| 0 / 10 | Dependency-Update-Tool | no update tool detected |
| 0 / 10 | Fuzzing | project is not fuzzed in OSS-Fuzz |
| 10 / 10 | Maintained | 30 commit(s) found in the last 90 days -- score normalized to 10 |
| ? | Packaging | no published package detected |
| 5 / 10 | Pinned-Dependencies | unpinned dependencies detected -- score normalized to 5 |
| 10 / 10 | SAST | SAST tool is run on all commits |
| 0 / 10 | Security-Policy | security policy file not detected |
| 10 / 10 | Signed-Releases | 5 out of 5 artifacts are signed -- score normalized to 10 |
| 0 / 10 | Token-Permissions | non read-only tokens detected in GitHub workflows |
| 10 / 10 | Vulnerabilities | no vulnerabilities detected |

tiokim commented 2 years ago

@tdrozdovsky What do you think of applying an action of scorecards? Please refer to the blog

tdrozdovsky commented 2 years ago

> @tdrozdovsky What do you think of applying an action of scorecards? Please refer to the blog

@t25kim Thanks for the information! This is good news. I will study it. And I will try to implement it in our project.

tdrozdovsky commented 2 years ago

@t25kim I tested it. Everything works well. To implement it, we need to have admin rights to configure it. I will create a ticket to configure this.