Hi,

First of all, I want to thank you for your work on aio-pika! We are currently working on adopting aio-pika and as part of that process ran a security scan using securityscorecards.

Through this scan we found a few things that could be easily improved to help users and companies with strict security requirements to adopt aio-pika:
- Introducing a security policy (Security.md file) to let users know how to report vulnerabilities. I am also happy to provide a PR for this.
- Enable full branch protection to require PR reviews and status checks to pass, as well as prevent force push.
You can find a full list of the performed checks here (above I only listed the low hanging fruits that can be easily fixed).
You can get the full report by running:

```shell
docker run -e GITHUB_AUTH_TOKEN=$GITHUB_TOKEN gcr.io/openssf/scorecard:stable --repo=https://github.com/mosquito/aio-pika
```
Implementing these changes would help us and other users to adopt aio-pika for our projects!