-
-
Notifications
You must be signed in to change notification settings - Fork 179
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add OpenSSF Scorecard workflow #793
Comments
Hey, friendly ping here, please let me know if you'd be interested in this PR. If not, feel free to close! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey, it's Pedro and I'm back (see #779 and #781) and I've got another security suggestion for netty-tcnative!
I'd like to suggest that the project add the OpenSSF Scorecard Action. The OpenSSF Scorecard runs a "meta-analysis" of the project's security posture, and the Action then populates the project's Security Panel with possible improvements to its security posture.
This data is fetched via GitHub's public API, and the project's current score can already be seen here. It's currently a 6.8/10, which puts netty-tcnative at the top 15% of relevant projects.
It was through Scorecard that I detected the issues fixed in #779 and #781. The Action would simply do the same thing, letting you know if there's anything you can do to improve netty-tcnative's security. The Security Panel notifications include not only the reasoning for each check's score (as seen in the link above), but also remediation steps.
If you're interested, let me know and I'll send a PR!
The text was updated successfully, but these errors were encountered: