Add OpenSSF Scorecard to the project CI

Open gpshead opened this issue 3 years ago • 0 comments

Please consider adopting https://github.com/ossf/scorecard in your project CI.

TL;DR - It scans CI configs for token permission overreach security issues and looks at transitive deps with issues to surface potential problems. (running it will give you a better idea than I can list off the top of my head)

gpshead, Jan 05 '23 22:01
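A simplified sketch of the kind of CI token-permission check the issue mentions, added here as an example; it is not Scorecard's own code or logic. The `scan_workflow` helper and both workflow snippets are constructed for illustration, and the scanner assumes plain block-style GitHub Actions YAML.

```python
import re

PERM = re.compile(r"^(\s*)permissions:\s*(.*?)\s*(?:#.*)?$")
SCOPE = re.compile(r"^\s*([\w-]+):\s*(\w+)")

def scan_workflow(text):
    """Return (line_number, message) findings about a workflow's token permissions."""
    lines, findings, top_seen, i = text.splitlines(), [], False, 0
    while i < len(lines):
        m = PERM.match(lines[i])
        i += 1  # i is now the 1-based number of the line just read
        if not m:
            continue
        indent, value = len(m.group(1)), m.group(2)
        level = "top-level" if indent == 0 else "job-level"
        top_seen = top_seen or indent == 0
        if value == "write-all":
            findings.append((i, f"{level} permissions: write-all"))
        # Block form: walk the nested scope lines. Only top-level writes are
        # flagged; a write scoped to a single job is accepted in this sketch.
        while not value and i < len(lines) and (
                not lines[i].strip() or len(lines[i]) - len(lines[i].lstrip()) > indent):
            s = SCOPE.match(lines[i])
            i += 1
            if s and s.group(2) == "write" and indent == 0:
                findings.append((i, f"top-level {s.group(1)}: write"))
    if not top_seen:
        findings.append((0, "no top-level permissions: token uses repository default"))
    return findings

# Constructed sample workflows, not taken from any real repository.
OVERBROAD = """\
on: [push]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
"""
SCOPED = """\
on: [push]
permissions:
  contents: read
jobs:
  analysis:
    permissions:
      security-events: write
    runs-on: ubuntu-latest
"""
if __name__ == "__main__":
    for name, wf in (("overbroad", OVERBROAD), ("scoped", SCOPED)):
        print(name, scan_workflow(wf))
```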