jku closed this 1 year ago
well, deps.dev doesn't list the scorecard for python-tuf anymore :(
We'll need to either set up the workflow on the project or have someone run scorecard on their own machine and paste the details here
Btw, this search on http://console.cloud.google.com/bigquery using project "openssf" gives the most recent results:

```sql
SELECT * FROM `openssf.scorecardcron.scorecard-v2_latest` WHERE repo.name="github.com/theupdateframework/python-tuf"
```
> well, deps.dev doesn't list the scorecard for python-tuf anymore :(

And now it does again 🤷‍♂️
Enabling scorecard as an action still makes sense I think
https://deps.dev/project/github/theupdateframework%2Fpython-tuf
We're getting 0/10 on the openssf scorecard for Token-Permissions. I think some of those may be flaws in the scorecard tool (output even mentions "known issues") but I think this warrants a closer read and possibly filing issues for fixing the problems.