ossf/scorecard

Issues

• BUG: osv-scanner panic: runtime error: index out of range [0] with length 0

  #4171 opened 5 months ago
  8

• Scorecard reports vulnerability to closed/fixed CVEs

  #4156 opened 7 months ago
  2

• BUG: Scorecards for public repositories without issues sections won't be created

  #4150 opened 6 months ago
  4

• Unlicense not accepted as FSF or OSI approved

  #4144 opened 7 months ago
  4

• [Docs] Clarify licensing information for bigquery public dataset

  #4143 opened 7 months ago
  3

• Add @lelia as triager

  #4136 opened 6 months ago
  6

• Gap Analysis - Concise Guide for Evaluating Open Source Software

  #4124 opened 7 months ago
  1

• Feature: Check for SBOMs in CI/CD Artifacts as well as releases

  #4119 opened 7 months ago
  1

• Why stepsecurity is refereneced so much?

  #4081 opened 7 months ago
  3

• Use GItHub attestations to check for signed releases

  #4080 opened 8 months ago
  5

• Feature: Recognize Cirrus-CI as a well-known CI

  #4075 opened 8 months ago
  1

• Feature: Service Status Page

  #4074 opened 8 months ago
  1

• ✨Creating the Scorecard Universe ✨

  #4073 opened 8 months ago
  4

• BUG Signed-Releases: internal error: too many releases, please report this

  #4059 opened 8 months ago
  1

• BUG: Unrecognized CI/CDs

  #4050 opened 8 months ago
  4

• support querying platform specific API capabilities in RepoClient

  #4049 opened 8 months ago
  3

• BUG: Patch Maintainers Annotations

  #4048 opened 4 months ago
  3

• BUG: Pinned-Dependencies need ability to exclude non-build/release workflows

  #4039 opened 8 months ago
  3

• BUG: Code-Review missing review markers

  #4038 opened 8 months ago
  7

• Existing OpenSSF best practices badge isn't added to a scorecard report

  #4037 opened 8 months ago
  4

• Parts of security scorecard doesn't allow excluding issues from scoring when they have no affect on an end-user

  #4036 opened 8 months ago
  4

• Cleanup old error names before full v5 release

  #4033 opened 8 months ago
  2

• improve binary artifact and license tests to match other checks

  #4032 opened 8 months ago
  4

• update the SPDX license list

  #4031 opened 4 months ago
  7

• Include human friendly links for the GitHub artifacts for Signed-Releases

  #4030 opened 5 months ago
  3

• Specify a user agent for OSV.dev

  #4029 opened 8 months ago
  1

• the `Signed-Releases` remediation steps encourage manual manipulation of the source code archives

  #4018 opened 9 months ago
  1

• Contribution account age as a factor

  #4000 opened 9 months ago
  1

• BUG: Issues with contributor scoring

  #3996 opened 9 months ago
  1

• "Vulnerabilities" check: unclear description ("open vulnerabilities")

  #3994 opened 9 months ago
  9

• README: Unable to query Public data using BigQuery Explorer

  #3989 opened 9 months ago
  4

• README/FAQ: Unclear references to "the webviewer"

  #3986 opened 9 months ago
  2

• OpenSSF - CII Best Practices badge not detected

  #3983 opened 8 months ago
  5

• CI-tests used in Ledmon project was not detected

  #3976 opened 9 months ago
  4

• Github runs are warning/failing because of out of date node configuration

  #3968 opened 9 months ago
  1

• Add @LappleApple as triager

  #3962 opened 9 months ago
  4

• BUG: `pip install --upgrade pip` in Dockerfile gets flagged

  #3953 opened 9 months ago
  2

• Feature: Add machine-readable remediation to the hasDangerousWorkflowScriptInjection probe

  #3950 opened 2 months ago
  3

• Vulnerable package has score 10/10 in Vulnerabilities

  #3946 opened 9 months ago
  1

• Feature: scoring arbitrary projects hosted on neither GitHub nor GitLab

  #3945 opened 9 months ago
  2

• Feature: Probe whether repo has up-to-date CODEOWNERS

  #3931 opened 10 months ago
  5

• Dangerous Workflow: some user input are not being detected as untrusted input.

  #3915 opened 10 months ago
  3

• BUG docs haven't been updated to say that Signed-Releases looks for `.sigstore` bundles.

  #3914 opened 10 months ago
  2

• BUG `.sigstore` bundles are not being found by Signed-Releases check

  #3913 opened 8 months ago
  6

• Feature: Skip .git folder in localdir client

  #3908 opened 9 months ago
  0

• cleanup branch protection tests

  #3904 opened 9 months ago
  0

• scorecard started reducing score for vulnerabilities in unrelated packages that aren't imported

  #3891 opened 10 months ago
  4

• Supporting Spack package manager

  #3873 opened 10 months ago
  3

• BUG: License LGPL-2.1-only not discovered

  #3869 opened 10 months ago
  5

• Feature: Rename OutcomePositive/Negative to something more aligned with the security implication of a probe finding

  #3866 opened 9 months ago
  2