Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

improve repo's ossf scorecard's score #714

Closed
11 tasks done
sheerlox opened this issue Oct 14, 2023 · 3 comments · Fixed by #715
Closed
11 tasks done

improve repo's ossf scorecard's score #714

sheerlox opened this issue Oct 14, 2023 · 3 comments · Fixed by #715
Labels
released type:chore Other changes that don't modify src or test files

Comments

@sheerlox
Copy link
Collaborator

sheerlox commented Oct 14, 2023
edited
Loading

Scorecard is an automated tool that assesses a number of important heuristics ("checks") associated with software security and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your project. You can also assess the risks that dependencies introduce, and make informed decisions about accepting these risks, evaluating alternative solutions, or working with the maintainers to make improvements.

We are currently scoring 5.3/10:

OpenSSF Scorecard

Find below the checks we need to improve on and the associated remediation steps.

Poor scoring checks

image

How to improve check scores
@sheerlox sheerlox added the type:chore Other changes that don't modify src or test files label Oct 14, 2023
@sheerlox sheerlox self-assigned this Oct 14, 2023
@sheerlox
Copy link
Collaborator Author

@intcreator could you please try to install the Renovate app to the repository? I think you might have the necessary rights.

I'll prepare a PR for all the other points, which should get our score up to about 9.

@sheerlox sheerlox mentioned this issue Oct 14, 2023
Merged
@sheerlox
Copy link
Collaborator Author

also regarding the security policy, we'd need an email address and PGP key accessible to the (main) maintainers. I'm unsure how to go about this, please let me know if you have any ideas!

@sheerlox sheerlox removed their assignment Oct 23, 2023
@ncb000gt
Copy link
Member

🎉 This issue has been resolved in version 3.1.5 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
released type:chore Other changes that don't modify src or test files
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: improve ossf scorecard's score sheerlox/node-cron
2 participants
@ncb000gt @sheerlox