Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tracking OSSF Scorecard improvements #13157

Open
trask opened this issue Feb 1, 2025 · 3 comments
Open

Tracking OSSF Scorecard improvements #13157

trask opened this issue Feb 1, 2025 · 3 comments

Comments

@trask
Copy link
Member

trask commented Feb 1, 2025

https://securityscorecards.dev/viewer/?uri=github.com/open-telemetry/opentelemetry-java-instrumentation
@trask
Copy link
Member Author

trask commented Feb 1, 2025
edited
Loading

I don't understand why our "Token-Permissions" score is still 0/10. This is my latest attempt: #13156

UPDATE: that fixed the Token-Permissions score, now 10/10

@trask trask mentioned this issue Feb 2, 2025
Merged
@trask
Copy link
Member Author

trask commented Feb 2, 2025

I answered questions for OpenSSF Best Practices program, which should bump our "CII-Best-Practices" score from 0/10 to 5/10.

@trask
Copy link
Member Author

trask commented Feb 2, 2025
edited
Loading

Next: convert from classic "branch protections" to "repository rules" as part of https://github.com/ossf/scorecard-action#authentication-with-fine-grained-pat-optional

UPDATE: I've enabled a ruleset on main to potentially replace the branch protection on main. I've set the ruleset enforcement to "Evaluate" which I think means it shouldn't prevent anything from happening, but we might(?) see it referenced in PRs, not sure...

@trask trask mentioned this issue Feb 2, 2025
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@trask