-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve SecurityWG Scorecard #884
Comments
I would like to work on this issue |
@shubham-y feel free to pick one item from the list and make the PR. |
Hi All, I am the founder of StepSecurity. We are developing a few tools like app.stepsecurity.io to simplify developers' work and increase the OpenSSF Scorecard score using automation. Please let me know if I can help in any way. I am curious if this issue is only for this repo or to increase the score across nodejs repos? |
Currently, only this repo. The plan is to perform this for all the repos in the org. |
If we fix remaining issues with token permissions the score will up to ~9.2 For fuzzing I don't think that applicable here. We can also improve the score by completing the |
We can explore how I completed the |
CII-Best-Practices seems interesting. |
UPDATE From #961
|
UPDATE from #981
|
This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made. |
This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made. |
I'm closing it since we've achieved our goal of improving the scorecard and now, we're monitoring the score on each meeting. |
Following https://github.com/nodejs/security-wg/blob/main/tools/ossf_scorecard/report.md + Code Scanning, we have a few security concerns to mitigate in this repository and then improve our score. Let's use this issue to keep track of the progress:
.yml
files.The text was updated successfully, but these errors were encountered: