-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Assessment against best practices (OpenSSF Scorecards ...) #859
Comments
Next steps: OSSF Scorecards
CII Best Practices
Other
|
Reference: nodejs/security-wg#859 Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Reference: nodejs/security-wg#859 Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Reference: nodejs/security-wg#859 Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made. |
Opened 5 PRs to increase the OpenSSF Scorecard |
This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made. |
Reference: nodejs/security-wg#859 Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made. |
This issue has been inactive for 90 days. It will be closed in 14 days unless there is further activity or the stale label is taken off. |
This issue has been inactive for 90 days. It will be closed in 14 days unless there is further activity or the stale label is taken off. |
As discussed in the last meeting #857. I'm creating this issue to, discuss and follow the evolution of this new Security-WG initiative for 2023.
The main idea is to assess how the Node.js project is positioned in regards to some security best practices. The final goal would be to collect metrics, allowing us to eventually improve security.
As a first actionable step we discussed exploring the OpenSSF Scorecards initiative. For context an issue about Scorecard has been opened here: #851 (There is some nice information on it). A presentation will be held in the next meeting (January 19th).
The text was updated successfully, but these errors were encountered: