You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
first of all, I want to thank you for your work on aio-pika! We are currently working on adopting aio-pika and as part of that process ran a security scan using securityscorecards.
Through this scan we found a few things that could be easily improved to help user and companies with strict security requirements to adopt aio-pika:
Introducing a security policySecurity.md file to let users know how to report vulnerabilities. I am also happy to provide a PR for this.
Enable full branch protection to require PR reviews and status checks to pass as well as prevent force push.
You can find a full list of the performed checks here (above I only listed the low hanging fruits that can be easily fixed).
You can get the full report by running docker run -e GITHUB_AUTH_TOKEN=$GITHUB_TOKEN gcr.io/openssf/scorecard:stable --repo=https://github.com/mosquito/aio-pika
Implementing these changes would help us and other users to adopt aio-pika for our projects!
The text was updated successfully, but these errors were encountered:
Hi,
first of all, I want to thank you for your work on aio-pika! We are currently working on adopting aio-pika and as part of that process ran a security scan using securityscorecards.
Through this scan we found a few things that could be easily improved to help user and companies with strict security requirements to adopt aio-pika:
Security.md
file to let users know how to report vulnerabilities. I am also happy to provide a PR for this.You can find a full list of the performed checks here (above I only listed the low hanging fruits that can be easily fixed).
You can get the full report by running
docker run -e GITHUB_AUTH_TOKEN=$GITHUB_TOKEN gcr.io/openssf/scorecard:stable --repo=https://github.com/mosquito/aio-pika
Implementing these changes would help us and other users to adopt aio-pika for our projects!
The text was updated successfully, but these errors were encountered: