This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

Detecting the use of OneFuzz by recommending a .onefuzz file #2236

Merged
merged 7 commits into from
Aug 11, 2022


balteravishay
Contributor

Summary of the Pull Request

Adding a recommendation to OneFuzz users on how to allow automated security metrics tools such as Scorecard to detect the use of OneFuzz in their repository.

PR Checklist

  • [ NA] Applies to work item: #xxx
  • [v ] CLA signed. If not, go over here and sign the CLI.
  • [ NA ] Tests added/passed
  • [v ] Requires documentation to be updated
  • [v ] I've discussed this with core contributors already. If not checked, I'm ready to accept this work might be rejected in favor of a different grand plan. Issue number where discussion took place: #xxx

Info on Pull Request

only markdown changes

Validation Steps Performed

NA

@mgreisen mgreisen merged commit dc43242 into microsoft:main Aug 11, 2022
@scovetta
Member

Related: The OpenSSF Security Insights spec is designed to handle this type of use case -- meaning, specifying security metadata in a structured way.

@ghost ghost locked as resolved and limited conversation to collaborators Sep 12, 2022