Hi again,
I'd like to suggest a tool that might help with tracking supply-chain security practice improvements, which is the OpenSSF Scorecard Action.
It proactively runs the Scorecard on the repository and warns you in case of any Security Practice that may have changed (example: a new workflow was created without top-level permissions).
The action has been adopted by 1800+ projects, having some prominent users such as TensorFlow, Angular, Flutter, sos.dev and deps.dev.
Would you be interested in a PR which adds this Action? Optionally it can also publish your results to the OpenSSF REST API, which allows a badge with the project's score to be added to its README.
Example:
In case of doubts or concerns you can try to check Scorecards FAQ. Anyway, feel free to reach out to me; I'll be happy to help or gather feedback.