Add OpenSSF Scorecard Github Action and Badge #3140
Assignees
Labels
proposal
An issue that proposes a feature request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
I'd like to improve the security of the project, especially against supply-chain attacks. Scorecard will help us track and resolve security risks in our repository and the badge can be a good way to show our users and contributors our commitment to increase the security of the project.
Describe the solution you'd like
The Scorecard system combines dozens of automated checks to let maintainers better understand their project's supply-chain security posture. It is developed by the OpenSSF, with direct support from GitHub.
The OpenSSF has also developed the Scorecard GitHub Action, which adds the results of its checks to the project's security dashboard, as well as suggestions on how to solve any issues (see examples in the Additional context). This Action has been adopted by 1600+ projects already.
I'd like to see the Scorecard GitHub Action and badge added to the project.
Additional context
These are examples of alerts and not from this repo.
The text was updated successfully, but these errors were encountered: