Add the OpenSSF Scorecard Action workflow #1108
Comments
Merged
|
Sounds good to me -- we can try it out and see how it works. My only concern is that some tools/actions are spammy etc; but it is nice to be notified of regressions to be sure. |
|
The Action shouldn't be too spammy: it'll warn you whenever something new comes up, but not keep repeating the same things over and over again. If you have any problems with it (or just feedback more generally), let me know! |
|
Thank you again, @pnacht ! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey, it's Pedro (see #844, #953, and #1103) and I've got a new security suggestion:
Would you be interested in the Scorecard Action? It'll frequently run Scorecard and populate jackson-core's Security Panel with actionable suggestions to improve its supply-chain security. In this way, it'll also alert you if a misstep accidentally weakens your security.
I'll send a PR with the Action for you to take a look.
By the way, I saw you've added the Scorecard badge (congrats on the 7.4/10! That puts you in the top 5% of important projects!).
The text was updated successfully, but these errors were encountered: