
Proposed improvements to OpenSSF Scorecard #10

Open
lucasgonze opened this issue Dec 15, 2022 · 2 comments

Comments

@lucasgonze
To decide whether to use this package in the Magma project I checked it with deps.dev.

(See https://deps.dev/go/github.com%2Fwmnsk%2Fmilenage/v1.2.0). These changes would improve the results:

  1. Require code review before pull requests (aka merge requests) are merged.
  2. Acquire the OpenSSF (formerly CII) Best Practices Badge.
  3. Enable branch protection on development/release branches.
  4. Pin all dependencies by hash (some dependencies are pinned by hash, but not all).
  5. Enable CodeQL in GitHub.
  6. Create a security policy in GitHub.
  7. Implement fuzzing.

I would be glad to help with these if you would like.
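A check for item 4, added here as an example and not part of this issue or of the milenage project: a POSIX shell function that lists GitHub Actions `uses:` references not pinned to a full 40-hex commit SHA, which is what Scorecard's Pinned-Dependencies check looks for. The workflow text and the all-zero SHA are constructed placeholders.

```shell
#!/bin/sh
# Added example: report remote GitHub Actions references that are pinned to a
# tag or branch instead of a full commit SHA. Not the milenage project's code.

# Constructed sample workflow; the action names, tag and SHA are placeholders.
SAMPLE_WORKFLOW='name: ci
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@0000000000000000000000000000000000000000 # v3.5.0
      - uses: ./.github/actions/local-step
      - run: go test ./...
'

# Print every "uses:" target that is a remote action without a 40-hex SHA.
# Local actions (./path) are skipped because they live in the same repo;
# docker:// images are skipped because they need a digest pin, not a SHA.
find_unpinned() {
    printf '%s\n' "$1" |
    sed -n 's/^[[:space:]]*-[[:space:]]*uses:[[:space:]]*\([^[:space:]#]*\).*/\1/p' |
    grep -v '^\./' |
    grep -v '^docker://' |
    grep -vE '@[0-9a-f]{40}$' || true
}

# Exit-status wrapper for CI: 0 when every remote action is SHA-pinned.
check_pinned() {
    [ -z "$(find_unpinned "$1")" ]
}

find_unpinned "$SAMPLE_WORKFLOW"
```

Running it against the sample prints `actions/checkout@v3`, the one reference that still needs a SHA pin.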

@wmnsk (Owner) commented Jan 7, 2023

Great! Which of these can you help me set up?

@lucasgonze (Author)

OK. Can you add me as an assignee?
