Issues
BUG: Scorecards for public repositories without issues sections won't be created
#4150 opened by nwse-che - 2
Unlicense not accepted as FSF or OSI approved
#4144 opened by egecetin - 2
update the SPDX license list
#4031 opened by spencerschrock - 2
Specify a user agent for OSV.dev
#4029 opened by spencerschrock - 4
BUG: Patch Maintainers Annotations
#4048 opened by gabibguti - 3
✨Creating the Scorecard Universe ✨
#4073 opened by justaugustus - 2
Add @lelia as triager
#4136 opened by lelia - 0
Parts of security scorecard don't allow excluding issues from scoring when they have no effect on an end-user
#4036 opened by yrusskih - 2
BUG: Code-Review missing review markers
#4038 opened by emaste - 3
Why stepsecurity is referenced so much?
#4081 opened by anantshri - 4
BUG: Unrecognized CI/CDs
#4050 opened by gabibguti - 0
Feature: Recognize Cirrus-CI as a well-known CI
#4075 opened by emaste - 0
Feature: Service Status Page
#4074 opened by jeffmendoza - 1
Feature: Probe whether repo has up-to-date CODEOWNERS
#3931 opened by raghavkaul - 3
Supporting Spack package manager
#3873 opened by crtrott - 2
Cleanup old error names before full v5 release
#4033 opened by spencerschrock - 1
Include human friendly links for the GitHub artifacts for Signed-Releases
#4030 opened by spencerschrock - 1
README/FAQ: Unclear references to "the webviewer"
#3986 opened by Chealer - 5
OpenSSF - CII Best Practices badge not detected
#3983 opened by lprimak - 1
evaluate codecov/codecov-action v4 token
#3862 opened by spencerschrock - 0
the `Signed-Releases` remediation steps encourage manual manipulation of the source code archives
#4018 opened by junyer - 2
Feature: Rename OutcomePositive/Negative to something more aligned with the security implication of a probe finding
#3866 opened by pnacht - 0
Contribution account age as a factor
#4000 opened by joubin - 1
BUG: Issues with contributor scoring
#3996 opened by siralmat - 0
CI-tests used in Ledmon project was not detected
#3976 opened by ktanska - 1
BUG: License LGPL-2.1-only not discovered
#3869 opened by berndgassmann - 4
Add @LappleApple as triager
#3962 opened by spencerschrock - 0
Feature: Add machine-readable remediation to the hasDangerousWorkflowScriptInjection probe
#3950 opened by pnacht - 1
Vulnerable package has score 10/10 in Vulnerabilities
#3946 opened by jorgsowa - 0
cleanup branch protection tests
#3904 opened by spencerschrock - 2
Feature: Skip .git folder in localdir client
#3908 opened by pnacht - 4
scorecard started reducing score for vulnerabilities in unrelated packages that aren't imported
#3891 opened by x448 - 2
Dangerous Workflow: some user inputs are not being detected as untrusted input.
#3915 opened by diogoteles08 - 2
BUG docs haven't been updated to say that Signed-Releases looks for `.sigstore` bundles.
#3914 opened by cpswan - 2