Skip to content

Apply security best practices – Create OpenSSF Scorecard workflow #2879

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
terhorstd merged 1 commit into from
Dec 15, 2023
Merged

Apply security best practices – Create OpenSSF Scorecard workflow #2879

terhorstd merged 1 commit into from
Dec 15, 2023

Conversation

@step-security-bot
Copy link
Contributor

@step-security-bot step-security-bot commented Aug 8, 2023

Summary

This pull request is created by Secure Repo at the request of @terhorstd. Please merge the Pull Request to incorporate the requested changes. Please tag @terhorstd on your message if you have any questions related to the PR. You can also engage with the StepSecurity team by tagging @step-security-bot.

Security Fixes

Add OpenSSF Scorecard Workflow

OpenSSF Scorecard is an automated tool that assesses a number of important heuristics ("checks") associated with software security and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your project.

Scorecard workflow also allows maintainers to display a Scorecard badge on their repository to show off their hard work.

Feedback

For bug reports, feature requests, and general feedback; please create an issue in step-security/secure-repo. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot bot@stepsecurity.io

@step-security-bot
[StepSecurity] Apply security best practices – Create OpenSSF Scoreca…
ec8ecde 
…rd workflow

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
@terhorstd terhorstd added S: Normal Handle this with default priority T: Maintenance Work to keep up the quality of the code and documentation. I: No breaking change Previously written code will work as before, no one should note anything changing (aside the fix) labels Aug 11, 2023
@github-actions
Copy link

github-actions bot commented Oct 10, 2023

Pull request automatically marked stale!

@github-actions github-actions bot added the stale Automatic marker for inactivity, please have another look here label Oct 10, 2023
terhorstd
terhorstd approved these changes Dec 15, 2023
View reviewed changes
Copy link
Contributor

@terhorstd terhorstd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@terhorstd
Copy link
Contributor

terhorstd commented Dec 15, 2023

Merging, as it has been discussed in the NEST Developer VC on 2023-11-06

@terhorstd terhorstd merged commit c1a004f into nest:master Dec 15, 2023
@BrewTestBot BrewTestBot mentioned this pull request Apr 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@terhorstd terhorstd terhorstd approved these changes

Assignees

No one assigned

Labels

I: No breaking change Previously written code will work as before, no one should note anything changing (aside the fix) S: Normal Handle this with default priority stale Automatic marker for inactivity, please have another look here T: Maintenance Work to keep up the quality of the code and documentation.

Projects

Build system and CI
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@step-security-bot @terhorstd