Closed joycebrum closed 1 year ago
Thanks so much for this @joycebrum ! We'd be happy to accept a PR adding this to our repo 🙏
¡Ay Caramba!! I just released https://github.com/storybookjs/storybook/releases/tag/v7.0.0-beta.27 containing PR #19755 that references this issue. Upgrade today to the @next NPM tag to try it out!
npx sb@next upgrade --prerelease
Is your feature request related to a problem? Please describe
Hi, I am Joyce from Google and I'm working on behalf of the Open Source Security Foundation (OpenSSF) to help open source projects improve their supply-chain security, since open source supply-chain attacks are increasing every year.
Besides, many maintainers, due to lack of time, are not always able to stay up to date with the best security posture and best practices to follow to mitigate security vulnerabilities in the project.
Describe the solution you'd like
The Scorecard GitHub Action (developed by the OpenSSF, in partnership with GitHub) is an easy and fast way to run the Scorecard frequently in the project to check the project's security posture and identify which changes would be interesting to be adopted in order to improve its supply-chain security.
The Scorecard GitHub Action runs all the Scorecard checks and uploads the result in the project's security dashboard, with suggestions on how to solve any issue (see examples in the Additional Context). It also allows a badge to be added to the README file with the project's score.
This Action has been adopted by 1800+ projects already, having some prominent users like TensorFlow, Angular, Flutter, sos.dev and deps.dev.
For common questions, you can try checking the Scorecard FAQ; anyway, feel free to reach out to me.
Would a PR with these changes be welcome? I can open it if you are ok with it.
Describe alternatives you've considered
No response
Are you able to assist to bring the feature to reality?
yes, I can
Additional context