Enable OpenSSF Scorecard Action #1379
Comments
@joycebrum I'm happy to try out this tool; if you supply a PR configuring it, that'd be great 🙇
How does this tool work? Can you put me through it?
Sure! It uses the GitHub APIs and GraphQL to gather information about the project and understand possible improvements considering a set of criteria. These criteria are ways to mitigate known supply-chain attack vectors. The tool is an Open Source Security Foundation initiative to fight the increase in supply-chain attack incidents.
Closes #1379. The score on the badge will probably be 5.5 (which is a good score).
Hi again, I'd like to suggest the adoption of the OpenSSF Scorecard Action. It is a tool developed by the Open Source Security Foundation that analyses the project looking for possible improvements regarding supply-chain security practices.
It generates warnings with the findings that (optionally) can be seen in the security dashboard. The project's score can also be optionally shared through a badge.
Let me know if you are interested in the tool and I can submit a PR configuring it.
Thanks!