OpenSSF Scorecard analysis #6803
Open
Labels
- build-improvement: Build improvements - maven, gradle, GitHub actions
- cross-project: Apply to many repositories in odpi/*
- enhancement: New feature or request
- pinned: Keep open (do not time out)
- security: Security related (high priority)
Description
Is there an existing issue for this?
Please describe the new behavior that will improve Egeria
https://github.com/ossf/scorecard-action/tree/v2.0.0-beta.1 has an action that does a scorecard assessment on a repository.
Given concerns on security, and the work being done by the OpenSSF to promote supply chain security, it would be useful to take a look at this action to see if it can help us, and the data can also be published to provide more confidence to consumers of our projects.
This applies across all our repos.
Alternatives
n/a
Any Further Information?
none
Would you be prepared to be assigned this issue to work on?