Add support for OpenSSF Scorecard Score #4673
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
Comments
ivankatliarchuk
added
the
kind/feature
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like to be added:
Example coredns https://github.com/coredns/coredns/blob/master/.github/workflows/scorecards.yml
Example helm helm/helm#13243
OpenSSFF Scorecard https://github.com/ossf/scorecard
Add github action https://github.com/ossf/scorecard-action
Maintainters need to add PAT token https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Current Score is 5.0 https://scorecard.dev/viewer/?uri=github.com/gofogo/k8s-sigs-external-dns-fork
Why is this needed:
This project is a collaborative effort between the CNCF and Google's Open Source Security Team to improve security practices across various CNCF projects. The focus is identifying and addressing security vulnerabilities, integrating security tools like OSS-Fuzz, and enhancing build and release security processes. The goal is to get all CNCF projects to use scorecards (focusing on graduated/incubating projects first) and to remediate some of the findings.
Tasks
The text was updated successfully, but these errors were encountered: