-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: add OpenSSF Scorecard for README.md #3696
base: master
Are you sure you want to change the base?
Conversation
@fengshunli |
Signed-off-by: fsl <[email protected]>
Quality Gate passedIssues Measures |
The score of this check is very low and needs to be further optimized |
It might not be merged right currently. |
https://github.com/gogf/gf/security/code-scanning The security issues found here may need to be fixed |
Why is this needed:
The OpenSSF Scorecard improves open-source project's security by providing automated, transparent assessments of their security practices. It will help you identify vulnerabilities, adhere to best practices, and continuously enhance your security posture, increasing user trust and reducing the risk of security exploits.
I'll be the one to create the PR to add the scorecard GitHub action, and I will also work with you to remediate the identified vulnerabilities. I'll go through each scorecard check to see where the score has dropped and how it can be improved.
Integrate scorecard in CI, and display a Scorecard badge on the gogf repository
You also need to manually create a project, refer to https://bestpractices.coreinfrastructure.org/en/projects
Manually create an gogf organization to report results, please see https://sonarcloud.io/explore/projects?sort=-analysis_date