chore(ci): Add OSSF Scorecard Workflow #1797

Merged: 5 commits, Nov 23, 2023

@sthulb sthulb commented Nov 21, 2023

Description of your changes

This PR adds a new workflow to the repo to assess the project according to the OSSF guidelines and eventually obtain a scorecard.

Related issues, RFCs

Issue number: #1799

Checklist

  • My changes meet the tenets criteria
  • I have performed a self-review of my own code
  • I have commented my code where necessary, particularly in areas that should be flagged with a TODO, or hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my change is effective and works
  • The PR title follows the conventional commit semantics

Breaking change checklist

Is it a breaking change?: NO

  • I have documented the migration process
  • I have added, implemented necessary warnings (if it can live side by side)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

@sthulb sthulb added the do-not-merge This item should not be merged label Nov 21, 2023
@sthulb sthulb requested a review from a team November 21, 2023 20:35
@boring-cyborg boring-cyborg bot added the automation This item relates to automation label Nov 21, 2023
@pull-request-size pull-request-size bot added the size/M PR between 30-99 LOC label Nov 21, 2023

No related issues found. Please ensure there is an open issue related to this change to avoid significant delays or closure.

@github-actions github-actions bot added the need-issue This PR needs an issue before it can be reviewed/worked on further label Nov 21, 2023

@dreamorosi dreamorosi left a comment

Branch name needs renaming, also please create an issue even if with just a one liner.

@sthulb sthulb removed the do-not-merge This item should not be merged label Nov 23, 2023

Kudos, SonarCloud Quality Gate passed!

Bug: A, 0 Bugs
Vulnerability: A, 0 Vulnerabilities
Security Hotspot: A, 0 Security Hotspots
Code Smell: A, 0 Code Smells

No Coverage information
No Duplication information

@sthulb sthulb merged commit 8dde407 into main Nov 23, 2023
@sthulb sthulb deleted the ossf-scorecard branch November 23, 2023 11:12

@aws-powertools/lambda-typescript No related issues found. Please ensure 'status/pending-release' label is applied before releasing.

@dreamorosi dreamorosi linked an issue Nov 24, 2023 that may be closed by this pull request
2 tasks
@dreamorosi dreamorosi self-requested a review November 24, 2023 02:39
dreamorosi pushed a commit that referenced this pull request Nov 24, 2023
* chore(ci): Add OSSF Scorecard Workflow
@am29d am29d mentioned this pull request Feb 6, 2024
15 tasks
Successfully merging this pull request may close these issues.

Maintenance: Improve security posture by addressing OpenSSF results