Integrate OpenSSF Scorecard
dustincatap opened this issue · 0 comments
Integrate OpenSSF Scorecard to check the blueprint's security risks and vulnerabilities.
Motivation Goals
OpenSSF is a known group of organizations that collaborates and promotes best practices for open source project security. By checking against these standards, users can be more confident towards the blueprint in terms of security and code quality.
In scope
- Update the repository's code scanning
- Update CI to run security scans, see integrating OpenSSF Scorecard in GitHub Actions
- Fix detected risks and vulnerabilities
- Update the README to display the status badge
Out of scope
No response
Risks / unknowns
No response
Examples
No response