OpenSSF Scorecard - Security health metrics for Open Source
**Is your feature request related to a problem? Please describe.** 1. The different implementations of initializing clients in the original Scorecard run and the dependency-diff API (PR #2046): - The...
**Is your feature request related to a problem? Please describe.** In v0 (issue #2008, PR #2030, #2046, #2077), we use the default headSHA of the dependency repo to check and...
**Is your feature request related to a problem? Please describe.** In v0 of the Dependency-diff API (issue #2008), we run scorecard checks on every changed dependency to report its check...
We have severity at the level of a check today. However, within a check, severity may vary. For example, contents: write is more critical than status: write. This...
Running scorecard on https://github.com/danielaparker/jsoncons/commits/master reports `"Info: all commits (3) are checked with a SAST tool`. There are a lot more commits in the repo, though. I would have...
**Is your feature request related to a problem? Please describe.** Scorecard API Enhancements - Move all the existing BigQuery scans into FireStore > This gives our consumers an option to...
**Is your feature request related to a problem? Please describe.** In v0 of the DependencyDiff API (issue #2008), we skip those dependencies without a srcRepo URL for the scorecard checks,...
**Is your feature request related to a problem? Please describe.** As a maintainer, when cloning a GitHub repo and running scorecard against it using the flag `--local=.`, several checks that...
We only support GH action in the check. It'd be useful to support other builders, like GCB. Seems easy enough to parse the yaml file and check the step's name,...
**Is your feature request related to a problem? Please describe.** - We have lots of PRs from Dependabot. This makes it harder to maintain. Renovate seems to have an option...