Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Assessment against best practices (OpenSSF Scorecards ...) #859

Open
fraxken opened this issue Jan 6, 2023 · 7 comments
Open

Assessment against best practices (OpenSSF Scorecards ...) #859

fraxken opened this issue Jan 6, 2023 · 7 comments

Comments

@fraxken
Copy link
Member

fraxken commented Jan 6, 2023

As discussed in the last meeting #857. I'm creating this issue to, discuss and follow the evolution of this new Security-WG initiative for 2023.

The main idea is to assess how the Node.js project is positioned in regards to some security best practices. The final goal would be to collect metrics, allowing us to eventually improve security.

As a first actionable step we discussed exploring the OpenSSF Scorecards initiative. For context an issue about Scorecard has been opened here: #851 (There is some nice information on it). A presentation will be held in the next meeting (January 19th).

@RafaelGSS
Copy link
Member

RafaelGSS commented Mar 16, 2023

step-security-bot added a commit to step-security-bot/undici that referenced this issue May 21, 2023
Reference: nodejs/security-wg#859

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
KhafraDev pushed a commit to nodejs/undici that referenced this issue May 22, 2023
Reference: nodejs/security-wg#859

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
UlisesGascon added a commit to UlisesGascon/node that referenced this issue Jun 11, 2023
metcoder95 pushed a commit to metcoder95/undici that referenced this issue Jul 21, 2023
Reference: nodejs/security-wg#859

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
@github-actions
Copy link
Contributor

github-actions bot commented Sep 7, 2023

This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made.

@RafaelGSS
Copy link
Member

Opened 5 PRs to increase the OpenSSF Scorecard

Copy link
Contributor

This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made.

@github-actions github-actions bot added the stale label Jan 25, 2024
crysmags pushed a commit to crysmags/undici that referenced this issue Feb 27, 2024
Reference: nodejs/security-wg#859

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Copy link
Contributor

This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made.

Copy link
Contributor

This issue has been inactive for 90 days. It will be closed in 14 days unless there is further activity or the stale label is taken off.

Copy link
Contributor

This issue has been inactive for 90 days. It will be closed in 14 days unless there is further activity or the stale label is taken off.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants