Require OSSF Scorecard #5255
nikolaydubina
started this conversation in
Ideas
Require OSSF Scorecard
#5255
Replies: 1 comment 2 replies
-
|
cc: @avelino |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
are you proposing that you help us correct the ci? |
Beta Was this translation helpful? Give feedback.
-
|
do you mean adding check that new PRs projects need to have OSSF as part of ci here? I think I can add that. or there is something else is going on with ci here? |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
https://securityscorecards.dev
I found it very useful. In fact just by fixing my Go projects to get high score in OSSF Scorecard, I already:
wow!
OSSF Scorecard is integrated already:
it would be simple to verify if repo has badge and is registered in OSSF Scorecards.
we may also in future to enforce minimum score (say 5) for projects.
I think it is very useful and should be standard for all projects that claim to be awesome-go
(there is literally no excuse to fixing CI and harden security... or at least try)
Beta Was this translation helpful? Give feedback.
All reactions