scorecard
OpenSSF Scorecard - Security health metrics for Open Source
**Describe the bug** A clear and concise description of what the bug is. **Reproduction steps** https://deps.dev/go/github.com%2Fossf%2Fscorecard Are these false positives? If not, please fix. Also, for false positives, is there...
The current implementation used fields as `some-field`, let's rename to `someField`. Fyi, BQ does not accept `-` in name.
**Is your feature request related to a problem? Please describe.** Yes, dart and flutter use [gclient](https://www.chromium.org/developers/how-tos/depottools/#gclient) from chromium to manage third party dependencies. We would like to add `Pin dependencies`...
The Code-Review check counts all the commits in a PR if they are merged un-squashed. So there are situations where we only look at a few commits - rather than...
**Describe the bug** Some projects need ELF files for purposes other than running code. For example, AFL contains ELF files that are example testcases that have crashed the `strings` program....
The dangerous workflow alerts when a secret is used in a pull request. If the untrusted code is not run (e.g., https://github.com/actions-runner-controller/actions-runner-controller/blob/master/.github/workflows/runners.yml#L51) we still create an alert but it's a...
Function `getEnabledChecks()` determines which checks are enabled, using a combination of 1) supported checks for the repo interface, 2) whether a policy is given or not, 3) whether `--checks` is...
**Is your feature request related to a problem? Please describe.** Upgrade to go https://go.dev/doc/go1.18
There used to be an issue about this, but I cannot find it. Creating a new one. We'd like to avoid problems like https://github.com/ossf/scorecard/issues/1691 and https://github.com/ossf/scorecard/issues/1690 cc @naveensrinivasan