Require OSSF Scorecard #5255
nikolaydubina started this conversation in Ideas
cc: @avelino
https://securityscorecards.dev
I found it very useful. In fact, just by fixing my Go projects to get a high score in OSSF Scorecard, I already:
Wow!
OSSF Scorecard is already integrated:
It would be simple to verify whether a repo has the badge and is registered in OSSF Scorecards.
We may also, in the future, enforce a minimum score (say 5) for projects.
I think it is very useful and should be standard for all projects that claim to be awesome-go.
(there is literally no excuse to fixing CI and harden security... or at least try)
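One way the check proposed in the post above could look, as an added example that is not part of the original post or of awesome-go's tooling: it confirms that the README carries the Scorecard badge for that same repository (not a badge copied from another project) and that a Scorecard API result meets a minimum score. The function names, sample README and sample JSON are constructed for illustration, and only the `repo.name` and `score` fields of the result are read.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Badge URL prefix used by the Scorecard API; "<owner>/<repo>/badge" follows it.
const badgePrefix = "https://api.securityscorecards.dev/projects/github.com/"

// scorecardResult holds the two fields this check reads from a Scorecard API result.
type scorecardResult struct {
	Repo struct {
		Name string `json:"name"`
	} `json:"repo"`
	Score float64 `json:"score"`
}

// hasBadge reports whether the README links the Scorecard badge of this exact repo.
func hasBadge(readme, owner, repo string) bool {
	return strings.Contains(strings.ToLower(readme), strings.ToLower(badgePrefix+owner+"/"+repo+"/badge"))
}

// checkRepo (hypothetical helper) returns nil when the badge is present, the
// result belongs to the same repo, and the aggregate score is at least minScore.
func checkRepo(readme string, apiJSON []byte, owner, repo string, minScore float64) error {
	if !hasBadge(readme, owner, repo) {
		return fmt.Errorf("README has no Scorecard badge for %s/%s", owner, repo)
	}
	var r scorecardResult
	if err := json.Unmarshal(apiJSON, &r); err != nil {
		return fmt.Errorf("no readable Scorecard result: %w", err)
	}
	if want := "github.com/" + owner + "/" + repo; !strings.EqualFold(r.Repo.Name, want) {
		return fmt.Errorf("result is for %q, not %q", r.Repo.Name, want)
	}
	if r.Score < minScore {
		return fmt.Errorf("score %.1f is below minimum %.1f", r.Score, minScore)
	}
	return nil
}

// Constructed sample inputs, not real project data.
const sampleReadme = "[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/example/demo/badge)](https://securityscorecards.dev)"
const sampleJSON = `{"repo":{"name":"github.com/example/demo"},"score":7.3}`

func main() {
	fmt.Println(checkRepo(sampleReadme, []byte(sampleJSON), "example", "demo", 5))
}
```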