Posts Tagged ‘scorecard’

What? Let’s get the terminology cleared up. This post is about: None of these things stands alone, they’re all interlinked; and they certainly complement each other – a tripod is more stable than a pole. SBOM My earliest memories of the topic of supply chain security come from conversations with Josh Corman a little while […]


TL;DR pymarkdownlnt provides an easy way of checking that any Markdown you’re working on is complying with some sensible guidelines. If you’re comfortable with Python virtual environments you won’t really need the rest of this post. Why? I’ve spent a bunch of time recently adding OpenSSF Scorecards to the key Atsign repos. Build better security […]


TL;DR OSSF Scorecards provide a visible badge that lets people see that an open source repo is adhering to a set of practices that minimise risks, measured by a set of automated checks. Getting this right for a single repo can be an involved process, but with that experience in hand applying the learning to […]