
Improve OpenSSF Scorecard report

Open mbrandenburger opened this issue 9 months ago • 0 comments

Currently, the FPC repo has a scorecard of 4.3 (see https://scorecard.dev/viewer/?uri=github.com/hyperledger/fabric-private-chaincode).

This issue is about improving our scorecard value by applying best practices as suggested by OpenSSF.

TODOS:

  • [x] Dangerous-Workflows
  • [x] Token-Permissions #764
  • [ ] Vulnerabilities #759
  • [ ] Maintained
  • [ ] Code-Review
  • [ ] Binary-Artifacts
  • [ ] Fuzzing (TBD)
  • [ ] SAST
  • [ ] Pinned-Dependencies
  • [x] Security-Policy
  • [ ] CII-Best-Practices
  • [x] License
  • [ ] Branch-Protection
  • [ ] Packaging
  • [ ] Signed-Releases

mbrandenburger, May 16 '24 19:05