Improved: Adds a ScoreGuard badge (OFBIZ-12964)

We have currently a 7.7 score. Theoretically this could be improved using 4 manners: 1. Token-Permissions 2. Code-Review 3. Fuzzing 4. CII-Best-Practice https://securityscorecards.dev/viewer/?uri=github.com/apache/ofbiz-framework 1. Reality is Token-Permissions reports a write permission for pushing packages and the proposed link is not a solution (at least for now) 2. We can improve code review 3. I'll have a look, Fuzzing seems an interesting complementary tool for security 4. I'll also have a look, "paper work" mostly
apache · Mar 26, 2024 · c7b1a4b · c7b1a4b
1 parent 83085f8
commit c7b1a4b
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/README.adoc b/README.adoc
@@ -25,6 +25,7 @@ image:https://img.shields.io/badge/Version-trunk-blue.svg[link=https://github.co
 image:https://ci2.apache.org/badges/ofbizTrunkFrameworkPlugins.svg[link=https://ci2.apache.org/#/builders?tags=%2BofbizTrunkFrameworkPlugins]
 image:https://github.com/apache/ofbiz-framework/actions/workflows/gradle.yaml/badge.svg?branch=trunk[link=https://github.com/apache/ofbiz-framework/actions/workflows/gradle.yaml]
 image:https://qpkb254zxeu.montastic.io/badge[link=https://qpkb254zxeu.montastic.io]
+image:https://api.securityscorecards.dev/projects/github.com/apache/ofbiz-framework/badge[link=https://securityscorecards.dev/viewer/?uri=github.com/apache/ofbiz-framework]
 //image:https://github.com/apache/ofbiz-framework/actions/workflows/codeql-analysis.yml/badge.svg[link=https://github.com/apache/ofbiz-framework/actions/workflows/codeql-analysis.yml]