OpenSSF Badge #88

Merged
merged 1 commit into from
May 7, 2024

Salkimmich
Collaborator

OpenSSF Best Practices Badge with your current % Score should be available with an up-to-date score on your main page now.

The repository was analysed with OpenSSF Best Practices Criteria. There are several criteria I was not able to confirm, but if you can provide a URL or confirm password hardening, I will update the Badge score for 100% security compliance:

Release Notes:
The project MUST provide, in each release, release notes that are a human-readable summary of major changes in that release to help users determine if they should upgrade and what the upgrade impact will be. The release notes MUST NOT be the raw output of a version control log (e.g., the "git log" command results are not release notes). The release notes MUST identify every publicly known run-time vulnerability fixed in this release that already had a CVE assignment or similar when the release was created. This criterion may be marked as not applicable (N/A) if users typically cannot practically update the software themselves (e.g., as is often true for kernel updates). This criterion applies only to the project results, not to its dependencies. (URL required)

Password Security:
If the software produced by the project causes the storing of passwords for authentication of external users, the passwords MUST be stored as iterated hashes with a per-user salt by using a key stretching (iterated) algorithm (e.g., Argon2id, Bcrypt, Scrypt, or PBKDF2). See also OWASP Password Storage Cheat Sheet.

OpenSSF Best Practices Score Badge
@jyao1 jyao1 merged commit 10cbab4 into main May 7, 2024
58 checks passed
3 participants