ossf scorecard issues - Githubissues

ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source

https://scorecard.dev

Apache License 2.0

4.24k stars 458 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

[DRAFT] governance: Draft Incubation application submission

#4200 justaugustus opened 1 day ago
0
:seedling: Bump github.com/goreleaser/goreleaser/v2 from 2.0.0 to 2.0.1 in /tools

#4199 dependabot[bot] closed 1 day ago
0
:seedling: Bump github.com/google/osv-scanner from 1.7.4 to 1.8.1

#4198 dependabot[bot] opened 2 days ago
0
:seedling: Bump github.com/xanzy/go-gitlab from 0.105.0 to 0.106.0

#4197 dependabot[bot] closed 1 day ago
0
:seedling: Bump cloud.google.com/go/pubsub from 1.38.0 to 1.40.0

#4196 dependabot[bot] closed 2 days ago
1
:seedling: Bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7

#4195 dependabot[bot] closed 3 days ago
0
Synchronize community health files across OpenSSF Scorecard repos

#4194 justaugustus opened 3 days ago
1
:seedling: Bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7 in /tools

#4193 dependabot[bot] closed 3 days ago
0
Test for security policy in other places than SECURITY.md

#4192 CsatariGergely opened 4 days ago
0
CI check to check the results of CI tests

#4191 CsatariGergely opened 4 days ago
0
:seedling: Bump the github-actions group across 1 directory with 3 updates

#4190 dependabot[bot] closed 2 days ago
2
pip install with --hash is throwing PinnedDependenciesID

#4189 pdxjohnny closed 3 days ago
5
:seedling: Bump github.com/moby/buildkit from 0.14.0 to 0.14.1

#4187 dependabot[bot] closed 2 days ago
2
:seedling: Bump cloud.google.com/go/pubsub from 1.38.0 to 1.39.0

#4186 dependabot[bot] closed 2 days ago
2
CI-Tests doesn't support Azure Pipelines

#4185 gdong1 closed 1 week ago
6
:book: Generate probe markdown documentation

#4184 spencerschrock closed 1 week ago
0
:seedling: Bump github.com/spf13/cobra from 1.8.0 to 1.8.1

#4183 dependabot[bot] closed 2 days ago
0
:seedling: Bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2

#4182 dependabot[bot] closed 1 week ago
1
:seedling: Bump the github-actions group with 2 updates

#4181 dependabot[bot] closed 5 days ago
1
:seedling: Bump golang from `969349b` to `c2010b9`

#4180 dependabot[bot] closed 1 week ago
1
:seedling: Bump chainguard/static from `110b691` to `68b8855`

#4179 dependabot[bot] closed 2 days ago
0
:seedling: add support for parsing azure devops urls

#4178 JamieMagee opened 2 weeks ago
0
Feature: Support for Azure DevOps

#4177 JamieMagee opened 2 weeks ago
0
:sparkles: Add important Go packages to projects.csv

#4176 aklevans opened 2 weeks ago
8
BUG: Contributor check can be false positive

#4175 Zxilly opened 2 weeks ago
0
BUG: scroreboard cannot recognize the GitHub Attestations

#4174 Zxilly opened 2 weeks ago
1
BUG: report not found

#4173 chimera97 opened 2 weeks ago
2
:seedling: add stack info to osv-scanner error

#4172 Zxilly closed 2 weeks ago
4
BUG: osv-scanner panic: runtime error: index out of range [0] with length 0

#4171 Zxilly opened 2 weeks ago
2
:bug: fix: correct sarif json schema url

#4170 Zxilly closed 2 weeks ago
0
:seedling: Bump google.golang.org/protobuf from 1.34.1 to 1.34.2

#4169 dependabot[bot] closed 2 weeks ago
1
:seedling: Bump github.com/moby/buildkit from 0.13.2 to 0.14.0

#4168 dependabot[bot] closed 2 weeks ago
1
:seedling: Hide maintainer annotation implementation details

#4167 spencerschrock closed 2 weeks ago
0
:seedling: Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.1 to 1.6.0 in /tools

#4166 dependabot[bot] closed 2 weeks ago
2
📖 Docs: Maintainer annotations

#4165 raghavkaul closed 2 weeks ago
0
:seedling: Updates harden-runner egress policy to `block` from `audit`

#4163 bmuenzenmeyer opened 2 weeks ago
2
🌱 maintainer annotations: improve annotation file validation

#4162 raghavkaul opened 2 weeks ago
1
:seedling: Bump github.com/golangci/golangci-lint from 1.59.0 to 1.59.1 in /tools

#4161 dependabot[bot] closed 2 weeks ago
1
:seedling: Bump golang from 1.22.3 to 1.22.4

#4160 dependabot[bot] closed 2 weeks ago
0
:seedling: Bump the github-actions group across 1 directory with 3 updates

#4159 dependabot[bot] closed 2 weeks ago
0
:seedling: Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0

#4158 dependabot[bot] closed 3 days ago
2
✨ Add support for Nuget restore

#4157 balteravishay opened 3 weeks ago
11
Scorecard reports vulnerability to closed/fixed CVEs

#4156 randombit closed 2 weeks ago
2
:book: Improve the REUSE parts of the License check

#4155 mxmehl closed 2 weeks ago
3
:bug: keep SARIF runs and rules for exempted checks, only skip the results.

#4153 spencerschrock closed 2 weeks ago
0
🌱 maintainer annotations: search for config

#4152 raghavkaul closed 2 weeks ago
0
:warning: Make all ScorecardResult format options pointers

#4151 spencerschrock closed 2 weeks ago
2
BUG: Scorecards for public repositories without issues sections won't be created

#4150 nwse-che closed 2 weeks ago
4
:seedling: Bump github.com/onsi/ginkgo/v2 from 2.17.3 to 2.19.0 in /tools

#4149 dependabot[bot] closed 3 weeks ago
2
:seedling: Bump golang.org/x/oauth2 from 0.20.0 to 0.21.0

#4148 dependabot[bot] closed 3 weeks ago
2