Bump OSSF score above 9.0 ⬆️ #694
Comments
@rvema - pinned dependencies is one of them. Do you want to take this task on?
For sure, let me take a look and work on it.
@JamieSlome I would like to try working on this issue for Hacktoberfest. Should we send one PR per item being addressed? Like I saw here (https://scorecard.dev/viewer/?uri=github.com/finos/git-proxy) there is a vulnerability that can be fixed by upgrading the page.
@coderhs - sure, thank you for volunteering 👍 Are we able to do it in a single PR?
Perhaps we can do it per action item as reported. Referring to the list here: https://scorecard.dev/viewer/?uri=github.com/finos/git-proxy I am not sure if we can go above 9, but with each PR we should be getting closer.
@JamieSlome I have to step back from this. I thought it would be a small thing to do, but it seems some of the concerns are with express.js itself, and I don't think I, without more experience in the project, should be upgrading them. Kindly unassign this from me so someone else can pick it up. I could send a PR for the body-parser that I upgraded if needed.
@JamieSlome Please assign it to me. I will take this up.
@laukik-target - all yours ❤️
@JamieSlome Can you please review the above PR? I would be pushing more PRs to cross a score of 9.0, targeting High Priority items from the OSSF Scorecard first.
@JamieSlome Can you please review the above PR? I have made changes to branch protection by using the classic token, which gave a significant increase in the OSSF Score. As you can see, I have improved the score for branch protection in the OSSF Scorecard.
@rvema contributed the OSSF Scorecard to the repository in #676. If possible, it would be great to drive the score above 9.0 to ensure we excel at meeting OSSF's security standards 👍