Enable the OpenSSF Scorecard GitHub Action

This issue has been tracked since 2023-02-07.

TL;DR

Enable the OpenSSF Scorecard GitHub Action on the repo to improve the project's supply chain security posture.

Detailed design

Hi, I am talking on behalf of Google and the OpenSSF and I'm working on helping open source projects to increase their Supply Chain Security Posture.

To help with that, I would like to suggest the OpenSSF Scorecard Action, which automatically runs on the repository checking for possible security improvements that can be made to avoid some known supply-chain security threats.

The auth project already scored amazingly well on Scorecard checks, having only a few improvements that could be done, such as Token-Permissions and CI-Tests. The first one seems to be especially applicable to auth since it mitigates some threats on the workflow actions.

For more information about the Scorecard Checks, please see the Scorecard Documentation.

Let me know if you are interested in a PR configuring the OpenSSF Scorecard Action and, optionally, its badge.

In case of doubts or concerns, please feel free to reach out to me.

Additional information

Additional Reading:

github-actions[bot] wrote this answer on 2023-02-25

Hi there @joycebrum 👋!

Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps, which list common error messages and their resolution steps.

More Details About Repo

Owner Name: google-github-actions
Repo Name: auth
Full Name: google-github-actions/auth
Language: TypeScript
Created Date: 2021-09-16
Updated Date: 2023-03-24
Star Count: 573
Watcher Count: 16
Fork Count: 116
Issue Count: 3
