What problem does this address?
My feeling is we do a reasonable job of security. That said I'm no expert and it would be good to have a tool to validate we're staying secure and help communicate those intentions and practices to our users.
What is your proposed solution?
https://securityscorecards.dev/
OSSF scorecard checks your security practices and scores the project based on your use of security tools and best practices. Runs on a GitHub Action and the badge can be added to our readme or site as desired. Here's our current scorecard:
https://securityscorecards.dev/viewer/?uri=github.com/wp-graphql/wp-graphql
What alternatives have you considered?
none.
Additional Context
They mention a couple of projects that use it: https://github.com/ossf/scorecard?tab=readme-ov-file#prominent-scorecard-users
The CISA seems to recommend it: https://www.cisa.gov/resources-tools/services/openssf-scorecard of