Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSF Scorecard analysis #6803

Open
2 tasks done
planetf1 opened this issue Aug 10, 2022 · 3 comments
Open
2 tasks done

OpenSSF Scorecard analysis #6803

planetf1 opened this issue Aug 10, 2022 · 3 comments
Labels
build-improvement Build improvements - maven, gradle, GitHub actions cross-project Apply to many repositories in odpi/* enhancement New feature or request pinned Keep open (do not time out) security Security related (high priority)

Comments

@planetf1
Copy link
Member

Is there an existing issue for this?

  • I have searched the existing issues

Please describe the new behavior that that will improve Egeria

https://github.com/ossf/scorecard-action/tree/v2.0.0-beta.1 has an action that does a scorecard assessment on a repository.

Given concerns on security, and the work being done by the ossify to promote supply chain security, it would be useful to take a look at this action to see if it can help us, and the data can also be published to provide more confidence to consumers of our projects.

This applies across all our repos

Alternatives

n/a

Any Further Information?

none

Would you be prepared to be assigned this issue to work on?

  • I can work on this
@planetf1 planetf1 added enhancement New feature or request triage New bug/issue which needs checking & assigning labels Aug 10, 2022
@planetf1 planetf1 self-assigned this Aug 10, 2022
@planetf1 planetf1 added the security Security related (high priority) label Aug 24, 2022
@planetf1 planetf1 added build-improvement Build improvements - maven, gradle, GitHub actions and removed triage New bug/issue which needs checking & assigning labels Sep 30, 2022
planetf1 added a commit that referenced this issue Oct 3, 2022
@planetf1
Create scorecards.yml
ca87b39 
#6803 Implement scorecards
@planetf1 planetf1 mentioned this issue Oct 3, 2022
Closed
planetf1 added a commit to planetf1/egeria that referenced this issue Oct 3, 2022
@planetf1
odpi#6803 add scorecards check
39b4d1d 
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
planetf1 added a commit that referenced this issue Oct 3, 2022
@planetf1
Merge pull request #6979 from planetf1/issue6803
5ad06fa 
#6803 add scorecards check
planetf1 added a commit to planetf1/egeria that referenced this issue Oct 4, 2022
@planetf1
odpi#6803 fix scorecards yaml
a3463ec 
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
planetf1 added a commit to planetf1/egeria that referenced this issue Oct 4, 2022
@planetf1
.odpi#6803 fix scorecards yaml
2526428 
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>

Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
planetf1 added a commit to planetf1/egeria that referenced this issue Oct 5, 2022
@planetf1
.odpi#6803 fix scorecards yaml
9218dda 
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
planetf1 added a commit that referenced this issue Oct 5, 2022
@planetf1
Merge pull request #6985 from planetf1/scorecard2
3c6d140 
#6803 fix scorecards yaml
@planetf1
Copy link
Member Author

planetf1 commented Oct 5, 2022
edited

The scan has now been added to base egeria.
Issues will be reported to the security tab ie https://github.com/odpi/egeria/security/code-scanning?query=is%3Aopen+branch%3Amaster+tool%3AScorecard

Screenshot 2022-10-05 at 09 36 36

@planetf1 planetf1 mentioned this issue Nov 2, 2022
Closed
31 tasks
@github-actions
Copy link

github-actions bot commented Dec 5, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 20 days if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the no-issue-activity Issues automatically marked as stale because they have not had recent activity. label Dec 5, 2022
@planetf1 planetf1 added cross-project Apply to many repositories in odpi/* and removed no-issue-activity Issues automatically marked as stale because they have not had recent activity. labels Dec 5, 2022
@github-actions
Copy link

github-actions bot commented Feb 7, 2023

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 20 days if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the no-issue-activity Issues automatically marked as stale because they have not had recent activity. label Feb 7, 2023
@planetf1 planetf1 added pinned Keep open (do not time out) and removed no-issue-activity Issues automatically marked as stale because they have not had recent activity. labels Feb 7, 2023
@planetf1 planetf1 removed their assignment May 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
build-improvement Build improvements - maven, gradle, GitHub actions cross-project Apply to many repositories in odpi/* enhancement New feature or request pinned Keep open (do not time out) security Security related (high priority)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@planetf1