Investigate OpenSSF security scorecard

Question

Investigate OpenSSF security scorecard

jmgate opened this issue a year ago · 2 comments

jmgate commented a year ago

https://securityscorecards.dev/

Securing Projects with OpenSSF Scorecard (LFEL1006)

CNCF security guidelines

Answer 1 · 2024-01-15T18:44:43.000Z

When we look into, we can add a badge along these lines:

[![OpenSSF Scorecard](htt‌ps://api.securityscorecards.dev/projects/github.com/{owner}/{repo}/badge)](htt‌ps://securityscorecards.dev/viewer/?uri=github.com/{owner}/{repo})

Answer 2 · 2024-04-15T19:59:40.000Z

Should just need to add this action:

- name: OSSF Scorecard action
  uses: ossf/scorecard-action@v2.3.1