Open SSF Scorecard #3107
Labels
Type: Chore
(updating CI tasks etc; no production code change)
Type: Enhancement
New feature or request
Comments
jasonbahl
added
Type: Enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What problem does this address?
My feeling is we do a reasonable job of security. That said I'm no expert and it would be good to have a tool to validate we're staying secure and help communicate those intentions and practices to our users.
What is your proposed solution?
https://securityscorecards.dev/
OSSF scorecard checks your security practices and scores the project based on your use of security tools and best practices. Runs on a GitHub Action and the badge can be added to our readme or site as desired. Here's our current scorecard:
https://securityscorecards.dev/viewer/?uri=github.com/wp-graphql/wp-graphql
What alternatives have you considered?
none.
Additional Context
They mention a couple projects who use it: https://github.com/ossf/scorecard?tab=readme-ov-file#prominent-scorecard-users
The CISA seems to recommend it: https://www.cisa.gov/resources-tools/services/openssf-scorecard of
The text was updated successfully, but these errors were encountered: