
Install ossf scorecards action and investigate the results

Open alan-strohm opened this issue 7 months ago • 3 comments

Install the Scorecards Action and investigate the results. Scorecard is an automated tool that scans the project for security best practices. The GitHub Action runs a Scorecard scan on each change to the repository so you can monitor whether code changes introduce new security issues.

alan-strohm avatar Apr 03 '25 19:04 alan-strohm

Created https://github.com/golang/geo/pull/143 to create the scorecard action.

rsned avatar Apr 03 '25 22:04 rsned

Does #143 fix this or is there more to do?

jmr avatar Apr 10 '25 09:04 jmr

We should at least look at how to handle the "high" results here: https://github.com/golang/geo/security/code-scanning. I already added a bug for the dependabot one. I haven't had a chance to look into why it thinks code-review is not required.

alan-strohm avatar Apr 10 '25 16:04 alan-strohm