ossf/scorecard

Issues

• CI check to check the results of CI tests

  #4191 opened 6 months ago by CsatariGergely
  3

• Test for security policy in other places than SECURITY.md

  #4192 opened 6 months ago by CsatariGergely
  5

• restore ability to see individual PR results for SAST and Code-Review and document it

  #4245 opened 5 months ago by spencerschrock
  1

• Feature: scorecard.Run() should accept an http.RoundTripper to be used for all outgoing http requests

  #4256 opened 5 months ago by jeffmendoza
  3

• Feature scorecard.Run() should take a leveled logging object/interface instead of or alternatively to log level.

  #4257 opened 5 months ago by jeffmendoza
  3

• Update Code Section Format in Readme

  #4272 opened 5 months ago by Jordin221
  2

• Proposal: Align Scorecard checks with S2C2F Maturity Level 2 requirements

  #4296 opened 4 months ago by adriandiglio
  1

• document and implement changes to the BigQuery schema

  #4299 opened 4 months ago by spencerschrock
  2

• Method for providing certificates for private GitLab server

  #4326 opened 4 months ago by gcatto
  1

• Proposal: Define clear expectations for Triager role in contributor ladder

  #4338 opened 4 months ago by lelia
  3

• Apparently GlobaLeaks CI-Tests seems not recognized.

  #4393 opened 2 months ago by evilaliv3
  1

• Idea: Add some more projects to /projects.csv

  #4392 opened 2 months ago by hejjoe
  1

• OpenSSF Scorecard report viewer does not handle nested gitlab groups correctly

  #4402 opened 2 months ago by stexandev
  1

• Proposal: Improved experience for large-scale (multi-org, multi-repo) deployment of Scorecard

  #4339 opened 4 months ago by lelia
  1

• Feature: Check custom CII Best Practices URL

  #4315 opened 4 months ago by jmgate
  4

• Wrong link in /docs/checks.md file

  #4362 opened 2 months ago by AleX04Nov
  1

• BUG Pinned Dependency checks for nuget/.Net does not consider implicit restore

  #4381 opened 2 months ago by balteravishay
  2

• Feature: Pinned Dependency checks support for Azure DevOps Pipelines

  #4380 opened 2 months ago by balteravishay
  2

• Feature: Checks should support powershell scripts

  #4253 opened 5 months ago by balteravishay
  0

• Support Composer (PHP) Package Manager

  #4378 opened 3 months ago by maennchen
  0

• BUG: .Net Pinned dependency check ignores using RestoreLockedMode

  #4251 opened 3 months ago by balteravishay
  0

• Feature: Document whether scorecard should be used as a requirement for organizations consuming OSS

  #4219 opened 3 months ago by sudo-bmitch
  2

• Public GH repo is getting 422 Validation Failed

  #4352 opened 3 months ago by diberry
  1

• BUG: scorecard does not recognize BSD-2-Clause-Patent license.

  #4347 opened 3 months ago by grom72
  3

• error fix

  #4346 opened 3 months ago by mcneilrp1
  0

• Feature: Recognize Woodpecker-CI as a well-known CI

  #4210 opened 3 months ago by 6543
  2

• Feature: Managed Github App per org instead of github action per repo

  #4333 opened 4 months ago by nitrocode
  2

• BUG: Seeing cert error on https://www.bestpractices.dev/

  #4340 opened 3 months ago by nitrocode
  2

• Feature: support gitea forge

  #4209 opened 6 months ago by 6543
  2

• BUG: Missing data for repository

  #4329 opened 4 months ago by nitrocode
  2

• Revisit scoring for Security Policy check

  #4215 opened 6 months ago by justaugustus
  1

• Feature: Support for Azure DevOps

  #4177 opened 6 months ago by JamieMagee
  2

• Synchronize community health files across OpenSSF Scorecard repos

  #4194 opened 6 months ago by justaugustus
  2

• BUG: CI-Tests and SAST internal error for private repository, full permissions granted

  #4307 opened 4 months ago by byangtri
  0

• Internal Go error when scanning a package internal to my own gitlab instance

  #4303 opened 4 months ago by andrew-lovato
  1

• Investigate GitHub commit status failures

  #4273 opened 5 months ago by spencerschrock
  1

• Incorrectly formatted example link

  #4247 opened 5 months ago by JeremiahAHoward
  2

• BUG

  #4280 opened 5 months ago by Azooz1988
  1

• BUG: Contributor check can be false positive

  #4175 opened 6 months ago by Zxilly
  2

• BUG: .Net pinned dependency should support Central Package Management

  #4252 opened 5 months ago by balteravishay
  1

• Add Adrianne Marcum (@afmarcum) as a triager

  #4205 opened 5 months ago by justaugustus
  3

• BUG githubrepo.Client.GetOrgRepoClient() does not use parent Client transport

  #4255 opened 5 months ago by jeffmendoza
  3

• Documentation: Document how to call Scorecard as a library.

  #4258 opened 5 months ago by jeffmendoza
  1

• Request: make the internal/packageclient package not internal

  #4254 opened 5 months ago by jeffmendoza
  5

• CI-Tests doesn't support Azure Pipelines

  #4185 opened 6 months ago by gdong1
  3

• BUG Sonarcloud not detected consistently

  #4237 opened 5 months ago by matmair
  4

• Bug: tools/go.mod has invalid Go version 1.22

  #4241 opened 5 months ago by jpmcb
  3

• BUG - Pinned-Dependencies has false positive on multi-stage Dockerfile

  #4220 opened 5 months ago by fproulx-boostsecurity
  1

• pip install with --hash is throwing PinnedDependenciesID

  #4189 opened 6 months ago by johnandersen777
  5

• BUG: scroreboard cannot recognize the GitHub Attestations

  #4174 opened 6 months ago by Zxilly
  1