Hello, I am Joyce and I'm working on behalf of Google and the OpenSSF to help essential open-source projects improve their supply-chain security. The OpenSSF is a non-profit foundation dedicated to improving the security of the open-source community. It counts GitHub as a founding member.
The Scorecard system combines dozens of automated checks to let maintainers better understand their project's supply-chain security posture. It is developed by the OpenSSF, with direct support from GitHub.
Since containerd is widely used and has an important role in countless projects, it's been included in the OpenSSF's list of the 100 most critical open-source projects. Adopting the Scorecard GitHub Action will help you to increase the overall security of the repository and guarantee that the repository and contribution process is safe from malicious sabotage.
However, the OpenSSF has also developed the Scorecard GitHub Action, which adds the results of its checks to the project's security dashboard, as well as suggestions on how to solve any issues (see examples below). This Action has been adopted by 1600+ projects already.
Would you be interested in a PR which adds this Action? Optionally, it can also publish your results to the OpenSSF REST API, which allows a badge with the project's score to be added to its README.
If you have any doubts or concerns, please feel free to reach out to me.

