Commit
Improved: Adds a ScoreGuard badge (OFBIZ-12964)
We currently have a 7.7 score. Theoretically this could be improved using 4 manners:
1. Token-Permissions
2. Code-Review
3. Fuzzing
4. CII-Best-Practice

https://securityscorecards.dev/viewer/?uri=github.com/apache/ofbiz-framework

1. Reality is Token-Permissions reports a write permission for pushing packages and the proposed link is not a solution (at least for now)
2. We can improve code review
3. I'll have a look, Fuzzing seems an interesting complementary tool for security
4. I'll also have a look, "paper work" mostly