Eddie Knight

Closing this as stale. Happy to have this reopened if it is discussed within the Reproducible Build Working Group.

Subsequent work is being tracked in finos/ansible-cfi-ocp#2 finos/ansible-cfi-ocp#3 and finos/ansible-cfi-ocp#4

Closing this issue as stale.

Need to tackle Postgres as well for this

Closing this as the initial premise "Apply for badge" has been met, and the badge has been added to the README. A follow-up task will need to be created when...

Closing this issue as stale. If anyone would like to volunteer to contribute to the development of policy and IaC related to EventBridge, please discuss that with the Policy or...

Definitely @agilgur5. The SI was adopted by CLOMonitor (not via Scorecard) at the beginning of this month in order to streamline the hygiene checks you listed there. If there's a...

I can't speak on the Scorecard roadmap (but there are folks in the CNCF Slack #security-slam channel who can). I believe there is discussion of extending Scorecard to reference the...

CLOMonitor currently runs a subset of scorecard checks and run a few additional checks that have been recommended by either TAG Security or maintainers of graduated CNCF projects. To compare...

For consideration... if we aren't able to automate discussions properly, I would suggest we disable discussions because we've done a poor job managing them.