add openssf scorecard/badge and clomonitor exemptions #114
Conversation
Signed-off-by: Jordan Dubrick <[email protected]>
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Jdubrick, michael-valdron The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What does this PR do / why we need it
This request aims to fill out the devfile-web section of the CLOMonitor. This is part of our goal to adopt more best practices. The best practices badge and exemptions are a good way to show that our repositories are setup properly. The scorecard workflow enables code scanning that is used to give the repository a security score while also notifying us of potential vulnerabilities.
Which issue(s) does this PR fix
fixes devfile/api#1385
PR acceptance criteria
Update the sidebar if there is a new file added or an existing filename is changed
How to test changes / Special notes to the reviewer