logback / LOGBACK-1708

Add the OpenSSF Scorecards GitHub Action


Details

    • Type: Improvement
    • Priority: Major
    • Resolution: Unresolved

    Description

      There's been a large increase in supply-chain attacks. The OpenSSF defined logback as one of the most important open-source projects, and has developed the Scorecards system to help projects detect how they can improve their security posture. This is done via a series of checks of repository settings, workflow definitions, etc.

      The OpenSSF has also released the Scorecards GitHub Action, which automates these checks. If any possible improvements are detected, they are sent to the project's security dashboard, along with actionable instructions for how to implement these changes (see image attached).

      Would there be interest in a PR to implement this Action?

      Disclaimer: I work for Google (an OpenSSF founding member), where my full-time role is to help open-source maintainers improve their security.


      Attachments

        1. sc-gha-example.png (571 kB, Pedro Kaj Kjellerup Nacht)
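A minimal workflow for the Action proposed in this issue, as an added example that is not part of the issue or of the logback project; the branch name, cron schedule and action version tags are assumptions, and the results are uploaded as SARIF so they appear in the repository's security dashboard as the description says.

```yaml
# Example GitHub Actions workflow running OpenSSF Scorecard on the repository.
# Assumptions: default branch is "master"; a weekly schedule is sufficient;
# action versions are referenced by tag (pinning them to a full commit SHA is
# what Scorecard's own Pinned-Dependencies check expects in practice).
name: Scorecard supply-chain security

on:
  # Re-run when branch protection settings change, since Scorecard scores them.
  branch_protection_rule:
  schedule:
    - cron: '30 1 * * 6'   # weekly, so the score tracks repository changes
  push:
    branches: [ master ]    # assumed default branch

# Least privilege at the workflow level; the job requests what it needs.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # upload SARIF into code scanning alerts
      id-token: write          # publish results to the OpenSSF Scorecard API

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config

      - name: Run Scorecard analysis
        uses: ossf/scorecard-action@v2
        with:
          results_file: results.sarif
          results_format: sarif
          # Makes the score visible via the public Scorecard API and badge.
          publish_results: true

      - name: Upload results to the security dashboard
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
```

Each failing check then shows up as a code scanning alert with the remediation guidance the description refers to.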

        People

          logback-dev (Logback dev list)
          pnacht (Pedro Kaj Kjellerup Nacht)