Enable OpenSSF Scorecard GitHub Action on repo to improve the project's supply chain security posture.
Hi, I am talking on behalf of Google and the OpenSSF and I'm working on helping open source projects to increase their Supply Chain Security Posture.
To help with that, I would like to suggest the OpenSSF Scorecard Action, which automatically runs on the repository, checking for possible security improvements that can be made to avoid some known supply-chain security threats.
The auth project already scored amazingly well on Scorecard checks, having only a few improvements that could be done, such as Token-Permissions and CI-Tests. The first one seems to be especially applicable to auth since it mitigates some threats on the workflow actions.
For more information about the Scorecard Checks, please see the Scorecard Documentation.
Let me know if you are interested in a PR configuring the OpenSSF Scorecard Action and, optionally, its badge.
In case of doubts or concerns, please feel free to reach out to me.
Additional Reading:
Hi there @joycebrum
Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps, which list common error messages and their resolution steps.
Field | Value |
---|---|
Owner Name | google-github-actions |
Repo Name | auth |
Full Name | google-github-actions/auth |
Language | TypeScript |
Created Date | 2021-09-16 |
Updated Date | 2023-03-24 |
Star Count | 573 |
Watcher Count | 16 |
Fork Count | 116 |
Issue Count | 3 |