issues
search
ossf
/
scorecard
OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0
4.63k
stars
504
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
🌱 Update active `cisco` projects, remove `cisco-open` projects
#4226
lelia
closed
4 months ago
2
:warning: Delete dependency diff leftover file
#4225
spencerschrock
closed
4 months ago
0
:seedling: Bump chainguard/static from `a1f8a15` to `d94c01c`
#4224
dependabot[bot]
closed
4 months ago
1
:seedling: Bump the distroless group across 6 directories with 1 update
#4223
dependabot[bot]
closed
4 months ago
0
:seedling: Bump the golang group across 8 directories with 1 update
#4222
dependabot[bot]
closed
4 months ago
1
:seedling: Bump the github-actions group with 2 updates
#4221
dependabot[bot]
closed
4 months ago
1
BUG - Pinned-Dependencies has false positive on multi-stage Dockerfile
#4220
fproulx-boostsecurity
closed
4 months ago
1
Feature: Document whether scorecard should be used as a requirement for organizations consuming OSS
#4219
sudo-bmitch
closed
2 months ago
2
:sparkles: Add machine-readable patch to fix script injections in workflows
#4218
pnacht
closed
3 weeks ago
13
📖 SECURITY: Represent response times in business days instead of hours
#4217
justaugustus
closed
5 months ago
0
:seedling: Bump the golang group across 8 directories with 1 update
#4216
dependabot[bot]
closed
5 months ago
2
Revisit scoring for Security Policy check
#4215
justaugustus
opened
5 months ago
1
:seedling: Bump chainguard/static from `68b8855` to `a1f8a15`
#4214
dependabot[bot]
closed
5 months ago
0
:seedling: Bump the golang group across 8 directories with 1 update
#4213
dependabot[bot]
closed
5 months ago
3
:book: Update security policy to be specific to OpenSSF Scorecard
#4212
justaugustus
closed
5 months ago
5
:seedling: fix dependabot config to group docker images
#4211
spencerschrock
closed
5 months ago
1
Feature: Recognize Woodpecker-CI as a well-known CI
#4210
6543
closed
2 months ago
2
Feature: support gitea forge
#4209
6543
opened
5 months ago
3
:seedling: Migrate other RunScorecard callers
#4208
spencerschrock
closed
4 months ago
1
:seedling: Use new entrypoint for cron worker
#4207
spencerschrock
closed
5 months ago
1
:seedling: Adding 377 Intel owned repositories that aren't currently scanned by Scorecard
#4206
ware
closed
5 months ago
0
Add Adrianne Marcum (@afmarcum) as a triager
#4205
justaugustus
closed
4 months ago
3
:seedling: Use new entrypoint for scdiff
#4204
spencerschrock
closed
5 months ago
2
:seedling: Use new Scorecard entrypoint for CLI
#4203
spencerschrock
closed
4 months ago
0
:seedling: Bump github/codeql-action from 3.25.10 to 3.25.11 in the github-actions group
#4202
dependabot[bot]
closed
5 months ago
4
ossf.yml
#4201
MichaelBiegluk
closed
5 months ago
1
📖 governance: Add Incubation application submission
#4200
justaugustus
closed
2 months ago
2
:seedling: Bump github.com/goreleaser/goreleaser/v2 from 2.0.0 to 2.0.1 in /tools
#4199
dependabot[bot]
closed
5 months ago
0
:seedling: Bump github.com/google/osv-scanner from 1.7.4 to 1.8.1
#4198
dependabot[bot]
closed
5 months ago
0
:seedling: Bump github.com/xanzy/go-gitlab from 0.105.0 to 0.106.0
#4197
dependabot[bot]
closed
5 months ago
0
:seedling: Bump cloud.google.com/go/pubsub from 1.38.0 to 1.40.0
#4196
dependabot[bot]
closed
5 months ago
1
:seedling: Bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7
#4195
dependabot[bot]
closed
5 months ago
0
Synchronize community health files across OpenSSF Scorecard repos
#4194
justaugustus
opened
5 months ago
2
:seedling: Bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7 in /tools
#4193
dependabot[bot]
closed
5 months ago
0
Test for security policy in other places than SECURITY.md
#4192
CsatariGergely
opened
5 months ago
5
CI check to check the results of CI tests
#4191
CsatariGergely
opened
5 months ago
3
:seedling: Bump the github-actions group across 1 directory with 3 updates
#4190
dependabot[bot]
closed
5 months ago
2
pip install with --hash is throwing PinnedDependenciesID
#4189
johnandersen777
closed
5 months ago
5
:seedling: Bump github.com/moby/buildkit from 0.14.0 to 0.14.1
#4187
dependabot[bot]
closed
5 months ago
2
:seedling: Bump cloud.google.com/go/pubsub from 1.38.0 to 1.39.0
#4186
dependabot[bot]
closed
5 months ago
2
CI-Tests doesn't support Azure Pipelines
#4185
gdong1
closed
5 months ago
9
:book: Generate probe markdown documentation
#4184
spencerschrock
closed
5 months ago
0
:seedling: Bump github.com/spf13/cobra from 1.8.0 to 1.8.1
#4183
dependabot[bot]
closed
5 months ago
0
:seedling: Bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2
#4182
dependabot[bot]
closed
5 months ago
1
:seedling: Bump the github-actions group with 2 updates
#4181
dependabot[bot]
closed
5 months ago
1
:seedling: Bump golang from `969349b` to `c2010b9`
#4180
dependabot[bot]
closed
5 months ago
1
:seedling: Bump chainguard/static from `110b691` to `68b8855`
#4179
dependabot[bot]
closed
5 months ago
0
:seedling: add support for parsing azure devops urls
#4178
JamieMagee
closed
3 months ago
3
Feature: Support for Azure DevOps
#4177
JamieMagee
opened
5 months ago
3
:sparkles: Add important Go packages to projects.csv
#4176
aklevans
closed
4 months ago
9
Previous
Next