
Improve Scorecard Score for Kubearmor #1532

Open
9 of 15 tasks
rootxrishabh opened this issue Dec 4, 2023 · 2 comments · Fixed by #1739
Labels
enhancement New feature or request

Comments

@rootxrishabh
Member

rootxrishabh commented Dec 4, 2023

Feature Request

Short Description

Improve the aggregate OSSF/Scorecard score received for Kubearmor
Currently, the score we received was 5.1/10.

Is your feature request related to a problem? Please describe the use case.

No

Describe the solution you'd like

Work on each area to analyze where the score is dropped and how we can improve upon it!

  • Dangerous Workflow
  • Binary Artifacts
  • Branch Protection
  • CI Tests
  • Code Review
  • Contributors
  • Dependency-Update-Tool
  • Fuzzing
  • Maintained
  • Packaging
  • SAST
  • Security Policy
  • Signed-Releases
  • Vulnerabilities
  • Token-Permission

Scorecard Result Details

Aggregate score: 5.1 / 10

| Score | Name | Reason | Documentation/Remediation |
|---|---|---|---|
| 10 / 10 | Dangerous-Workflow | No dangerous workflow detected | https://github.com/ossf/scorecard/blob/4edb07802fdad892fa8d10f8fd47666b6ccc27c9/docs/checks.md#dangerous-workflow |
| 0 / 10 | Binary-Artifacts | multiple binary artifacts found | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#binary-artifacts |
| 2 / 10 | Branch-Protection | branch protection is not maximal on main and all release branches | https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule |
| 10 / 10 | CI-Tests | 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#ci-tests |
| 5 / 10 | CII-Best-Practices | badge detected: passing | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#cii-best-practices |
| 10 / 10 | Code-Review | GitHub code reviews found for 30 commits out of the last 30 -- score normalized to 10 | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#code-review |
| 10 / 10 | Contributors | 44 different companies found -- score normalized to 10 | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#contributors |
| 10 / 10 | Dependency-Update-Tool | update tool detected | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#dependency-update-tool |
| 0 / 10 | Fuzzing | project is not fuzzed | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#fuzzing |
| 10 / 10 | Maintained | 30 commit(s) out of 30 and 30 issue activity out of 30 found in the last 90 days -- score normalized to 10 | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#maintained |
| 10 / 10 | Packaging | publishing workflow detected | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#packaging |
| 0 / 10 | Pinned-Dependencies | No dependencies are pinned | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#pinned-dependencies |
| 0 / 10 | SAST | SAST tool is not run on all commits -- score normalized to 0 | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#sast and https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#configuring-default-setup-for-a-repository |
| 10 / 10 | Security-Policy | security policy file detected | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#security-policy |
| 0 / 10 | Signed-Releases | 0 out of 5 artifacts are signed -- score normalized to 0 | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#signed-releases and https://wiki.debian.org/Creating%20signed%20GitHub%20releases |
| 0 / 10 | Token-Permissions | non read-only tokens detected in GitHub workflows, tokens are not managed | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#token-permissions |
| 10 / 10 | Vulnerabilities | Several vulnerabilities detected | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#vulnerabilities |

CC @daemon1024 @nyrahul

@rootxrishabh rootxrishabh added the enhancement New feature or request label Dec 4, 2023
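Two of the 0/10 rows above, Token-Permissions and Pinned-Dependencies, are fixed in the workflow files themselves. The following is an added illustration, not a workflow from the KubeArmor repository: a hypothetical CI workflow in the shape Scorecard flags, followed (after the `---` document separator) by the same workflow in the shape that satisfies both checks. Action names are real, but the commit SHAs are placeholders to be replaced with the full 40-hex commit of the tag you intend to use.

```yaml
# BEFORE (hypothetical, constructed for this illustration):
# - no top-level `permissions:` block, so every job inherits the repository's
#   default GITHUB_TOKEN scope, which is often write -> Token-Permissions 0/10
# - actions referenced by a mutable tag (@v4), which can be moved to new code
#   after review -> Pinned-Dependencies 0/10
name: ci
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
      - run: go build ./...
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./hack/publish.sh   # hypothetical script; needs `contents: write`
---
# AFTER (hypothetical, constructed for this illustration):
# - top-level `permissions: read-all` makes read-only the default for all jobs
# - only the job that uploads release assets is granted `contents: write`
# - every `uses:` is pinned to an immutable commit SHA, with the tag kept in a
#   trailing comment so Dependabot (already detected, 10/10 above) can bump it
name: ci
on: [push, pull_request]
permissions: read-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@<FULL-40-HEX-COMMIT-SHA>  # v4 (placeholder SHA)
      - uses: actions/setup-go@<FULL-40-HEX-COMMIT-SHA>  # v5 (placeholder SHA)
      - run: go build ./...
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write   # job-level write, scoped to the single job that needs it
    steps:
      - uses: actions/checkout@<FULL-40-HEX-COMMIT-SHA>  # v4 (placeholder SHA)
      - run: ./hack/publish.sh   # hypothetical script
```

The Pinned-Dependencies check also covers package installs and container base images referenced from workflows and Dockerfiles, so `uses:` lines are only part of that row.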
@DelusionalOptimist
Member

DelusionalOptimist commented Dec 28, 2023

Vulnerabilities are a P0 - we'll create PRs first which require dep updates.
Other tasks need to be done by maintainers.

@DelusionalOptimist
Member

Reopening as we still have to improve the score.
