Add OpenSSF Scorecard to the project CI #3481
Labels
C: maintenance
Related to project maintenance, e.g. CI, testing, policy changes, releases
T: enhancement
New feature or request
Please consider adopting https://github.com/ossf/scorecard in your project CI.
TL;DR - It scans CI configs for token permission overreach security issues and looks at transitive deps with issues to surface potential problems. (Running it will give you a better idea than I can list off the top of my head.)
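
As an illustration of the token permission overreach the request mentions, the sketch below lists `write` grants and missing top-level `permissions:` declarations in GitHub Actions workflow text. It is an added example, not part of the original issue and not Scorecard's own code; the function name, the line-based matching and the sample workflows are assumptions made for the example.

```python
import re

# Simplified, line-based approximation (an assumption of this example);
# it does not parse YAML and is not Scorecard's own implementation.
PERM = re.compile(r"^(\s*)permissions:\s*([^#\s]*)")
SCOPE = re.compile(r"^(\s*)([\w-]+):\s*(read|write|none)\b")

def audit_permissions(text):
    """Return findings on GITHUB_TOKEN scope for one workflow file's text."""
    findings, has_top_level = [], False
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = PERM.match(line)
        if not m:
            continue
        indent, inline = len(m.group(1)), m.group(2)
        level = "top-level" if indent == 0 else "job-level"
        has_top_level = has_top_level or indent == 0
        if inline == "write-all":
            findings.append(f"{level}: write-all")
        for nxt in lines[i + 1:]:  # block form: indented "scope: access" lines
            s = SCOPE.match(nxt)
            if not s or len(s.group(1)) <= indent:
                break
            if s.group(3) == "write":
                findings.append(f"{level}: {s.group(2)}: write")
    if not has_top_level:
        findings.append("top-level: permissions not declared, repository default applies")
    return findings

# Constructed sample workflows, not taken from any real repository.
SAMPLES = {
    "write_all.yml": "on: push\npermissions: write-all\njobs:\n  test:\n    steps: []\n",
    "undeclared.yml": "on: push\njobs:\n  test:\n    steps: []\n",
    "scoped.yml": (
        "on: push\n"
        "permissions:\n"
        "  contents: read\n"
        "jobs:\n"
        "  release:\n"
        "    permissions:\n"
        "      contents: write\n"
        "    steps: []\n"
    ),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_permissions(text) or "no findings")
```

Job-level `write` grants are listed so they can be reviewed against what the job actually needs; a read-only top-level block with narrowly scoped job-level grants is the least-privilege layout.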