Comments (6)
@gabibguti I'm working through older issues to see which still have interest. PRs are welcome for any work, but the maintainers will not be focused on this work in the near future.
from scorecard.
Updating GitHub community discussion link:
https://github.com/orgs/community/discussions/10906
It's still on beta, but seems like it's not being watched/maintained.
from scorecard.
This feature does not align with the current project focus. If there is no feedback in the next 7 days to the contrary, then this issue will be closed.
from scorecard.
@afmarcum Just to clarify, you mean using the GitHub rulesets for restricting who can create, update and delete tags inside Scorecard repository does not align with Scorecard's focus right now, right?
Does it make sense to integrate the GitHub rulesets logic for Scorecard Branch-Protection check though?
from scorecard.
One advantage I see is, now that Scorecard has a contributor ladder, we could consider restricting the access for new maintainers on releasing by restricting the access to creating tags with GitHub rulesets.
from scorecard.
@afmarcum Just to clarify, you mean using the GitHub rulesets for restricting who can create, update and delete tags inside Scorecard repository does not align with Scorecard's focus right now, right?
Does it make sense to integrate the GitHub rulesets logic for Scorecard Branch-Protection check though?
Seems like the GitHub rulesets are already being considered for Branch-Protection, #3354. 🎉
from scorecard.
Related Issues (20)
- Security polices set at the organizational level in GitHub are not detected HOT 2
- BUG: scanning gitlab private repositories HOT 10
- enable the `nolintlint` linter (eventually)
- Feature: Revisit number of license probes
- SAST analyzer does not find CodeQL run via 'uses' directive HOT 3
- investigate linter issues HOT 1
- Differentiate between runtime vulns and devtime vulns
- BUG: Internal Error during "Branch-Protection" on GitHub Enterprise Server HOT 1
- BUG: Error during "Dependency-Update-Tools" on GitHub Enterprise Server HOT 2
- Fix URI in OSVVulnerability probe
- Feature: Document what languages the check supports
- BUG: CITest evaluation documentation inconsistent with implementation HOT 1
- Add more options for Pinned-Dependencies
- Why HOT 1
- Is there a way to influence a score by providing a proof of what's claimed as absent on a scorecard? HOT 2
- Feature: mis-configured OIDC HOT 9
- Feature: dangerous CI HOT 1
- findings: values should be exported consts owned by the probe HOT 2
- Not all checks returned for repo HOT 3
- revisit finding creation API
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scorecard.