
chore: add OpenSSF Scorecard for README.md #3696

Open
wants to merge 1 commit into base: master

Conversation

fengshunli
Member

@fengshunli fengshunli commented Jul 21, 2024

Why is this needed:

The OpenSSF Scorecard improves open-source projects' security by providing automated, transparent assessments of their security practices. It will help you identify vulnerabilities, adhere to best practices, and continuously enhance your security posture, increasing user trust and reducing the risk of security exploits.

I'll be the one to create the PR to add the scorecard GitHub action, and I will also work with you to remediate the identified vulnerabilities. I'll go through each scorecard check to see where the score has dropped and how it can be improved.

Integrate scorecard in CI, and display a Scorecard badge on the gogf repository
You also need to manually create a project, refer to https://bestpractices.coreinfrastructure.org/en/projects
Manually create a gogf organization to report results, please see https://sonarcloud.io/explore/projects?sort=-analysis_date

@gqcn gqcn changed the title Add OpenSSF Scorecard for README.md feat(openssf): Add OpenSSF Scorecard for README.md Jul 22, 2024
@gqcn gqcn changed the title feat(openssf): Add OpenSSF Scorecard for README.md feat(openssf): add OpenSSF Scorecard for README.md Jul 22, 2024
@gqcn
Member

gqcn commented Jul 22, 2024

@fengshunli
Hello, I've created projects https://www.bestpractices.dev/en/projects/9233 and https://sonarcloud.io/project/overview?id=gogf_gf .
And I've invited you as a member of our project; you will be authorized to get through the OpenSSF procedures.

@gqcn gqcn changed the title feat(openssf): add OpenSSF Scorecard for README.md chore: add OpenSSF Scorecard for README.md Jul 22, 2024

sonarcloud bot commented Jul 22, 2024

@fengshunli
Member Author

The score of this check is very low and needs to be further optimized

@gqcn
Member

gqcn commented Jul 24, 2024

The score of this check is very low and needs to be further optimized

It might not be merged right now.

@fengshunli
Member Author

https://github.com/gogf/gf/security/code-scanning The security issues found here may need to be fixed.

@gqcn
Member

gqcn commented Jul 29, 2024

The score of this check is very low and needs to be further optimized

It might not be merged right now until the OpenSSF score gets improved.
