Install ossf scorecards action and investigate the results #142

Open
alan-strohm opened this issue Apr 3, 2025 · 3 comments
Comments

@alan-strohm
Collaborator

Install the Scorecards Action and investigate the results. Scorecard is an automated tool that scans the project for security best practices. The GitHub Action runs a Scorecard scan on each change to the repository so you can monitor whether code changes introduce new security issues.

@rsned
Collaborator

rsned commented Apr 3, 2025

Created #143 to create the scorecard action.

@jmr
Collaborator

jmr commented Apr 10, 2025

Does #143 fix this or is there more to do?

@alan-strohm alan-strohm changed the title Install ossf scorecards action Install ossf scorecards action and investigate the results Apr 10, 2025
@alan-strohm
Collaborator Author

We should at least look at how to handle the "high" results here: https://github.com/golang/geo/security/code-scanning. I already added a bug for the dependabot one. I haven't had a chance to look into why it thinks code-review is not required.

3 participants