odpi / egeria

Egeria core
https://egeria-project.org
Apache License 2.0

OpenSSF Scorecard analysis #6803

Open planetf1 opened 2 years ago

planetf1 commented 2 years ago

Is there an existing issue for this?

Please describe the new behavior that will improve Egeria

https://github.com/ossf/scorecard-action/tree/v2.0.0-beta.1 has an action that does a scorecard assessment on a repository.

Given concerns on security, and the work being done by the OpenSSF to promote supply chain security, it would be useful to take a look at this action to see if it can help us, and the data can also be published to provide more confidence to consumers of our projects.

This applies across all our repos.

Alternatives

n/a

Any Further Information?

none

Would you be prepared to be assigned this issue to work on?

planetf1 commented 2 years ago

The scan has now been added to base egeria. Issues will be reported to the security tab, i.e. https://github.com/odpi/egeria/security/code-scanning?query=is%3Aopen+branch%3Amaster+tool%3AScorecard

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 20 days if no further activity occurs. Thank you for your contributions.
