ci: add ossf scorecard workflow #539

Merged
merged 1 commit into from
Jul 29, 2024
Conversation

JamieMagee
Contributor

Add a workflow for OpenSSF Scorecards. This allows us to more easily follow the best security practices for open source packages.


Before the change?

  • No insight into the scorecard result

After the change?

  • OpenSSF scorecard is on every push to main, and weekly on a schedule.

Pull request checklist

  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

  • Yes
  • No


👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

@JamieMagee JamieMagee force-pushed the scorecard-workflow branch from b4b2754 to e262c5f July 26, 2024 18:39
@JamieMagee JamieMagee enabled auto-merge (squash) July 28, 2024 01:55
Member

@kfcampbell kfcampbell left a comment


Out of curiosity, why OSSF?

@JamieMagee JamieMagee merged commit 6fadd28 into main Jul 29, 2024
7 checks passed
@JamieMagee JamieMagee deleted the scorecard-workflow branch July 29, 2024 20:57
@JamieMagee
Contributor Author

@kfcampbell GitHub is a founding member of the OSSF. We already contribute to a lot of projects, and use a lot of tooling from the OSSF throughout GitHub. I found OSSF Scorecard useful when working in other projects, so I thought it would be a good idea to add it here as well.

Looks like we've got a score of 8.2 already! https://scorecard.dev/viewer/?uri=github.com/octokit/webhooks.net

@kfcampbell
Member

Understood, thanks!
