OpenSSF Scorecard #89

Open
matifali opened this issue Oct 2, 2024 · 2 comments
Assignees
Labels
security Related to security

Comments

matifali (Member) commented Oct 2, 2024

In the context of coder/coder#14879, we need to address the following issues to add an OpenSSF card with a perfect score.


OpenSSF Scorecard


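The results are collected by running:

```bash
# Install the OpenSSF Scorecard CLI
brew install scorecard
# Reuse the GitHub CLI's token for Scorecard's GitHub API requests
export GITHUB_AUTH_TOKEN=$(gh auth token)
# Score the repository, showing per-check details with log verbosity set to warn
scorecard --repo=github.com/coder/coder --show-details --verbosity warn
```

Can also be viewed online at: https://scorecard.dev/viewer/?uri=github.com%2Fcoder%2Fcoder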
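
One way to turn that output into a work list is to rerun the command with `--format json` and sort the checks that lose points. This is an added example, not part of the original issue or the coder project's code. The report text is constructed, and the field names (`score`, `checks[].name`, `checks[].score`, `checks[].reason`) and the `-1` inconclusive value are assumed from Scorecard's JSON output.

```python
import json

# Constructed sample shaped like `scorecard --format json` output; the check
# scores and reasons below are invented for illustration, not coder/coder's.
SAMPLE_REPORT = """
{
  "repo": {"name": "github.com/example/project"},
  "score": 7.4,
  "checks": [
    {"name": "Binary-Artifacts", "score": 10, "reason": "no binaries found in the repo"},
    {"name": "Token-Permissions", "score": 0, "reason": "detected GitHub workflow tokens with excessive permissions"},
    {"name": "Pinned-Dependencies", "score": 3, "reason": "dependency not pinned by hash detected"},
    {"name": "Signed-Releases", "score": -1, "reason": "no releases found"},
    {"name": "Fuzzing", "score": 0, "reason": "project is not fuzzed"}
  ]
}
"""

MAX_SCORE = 10
INCONCLUSIVE = -1  # assumed: Scorecard reports -1 when a check could not be evaluated


def triage(report_text):
    """Split checks into those that cost points and those that were inconclusive."""
    report = json.loads(report_text)
    failing, inconclusive = [], []
    for check in report.get("checks", []):
        score = check.get("score", INCONCLUSIVE)
        entry = (check["name"], score, check.get("reason", ""))
        if score == INCONCLUSIVE:
            inconclusive.append(entry)
        elif score < MAX_SCORE:
            failing.append(entry)
    # Lowest score first, then by name so the order is stable between runs.
    failing.sort(key=lambda e: (e[1], e[0]))
    return report.get("score"), failing, inconclusive


def gate(report_text, minimum):
    """Return True when the aggregate score meets the chosen minimum."""
    aggregate, _, _ = triage(report_text)
    return aggregate is not None and aggregate >= minimum


if __name__ == "__main__":
    aggregate, failing, inconclusive = triage(SAMPLE_REPORT)
    print(f"aggregate score: {aggregate}/10")
    for name, score, reason in failing:
        print(f"{score:>2}/10  {name}: {reason}")
    for name, _, reason in inconclusive:
        print(f" ?/10  {name}: {reason} (not scored)")
```

Inconclusive checks are listed separately because they have no score yet and still need a manual look.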

coder-labeler bot added the docs and enhancement labels Oct 2, 2024
matifali added the security label Oct 2, 2024
matifali (Member, Author) commented Oct 8, 2024

After getting the passing criteria for OpenSSF best practices, our score is now 7.4/10.0, which I have added as a badge.

#88 should further improve the score.

matifali self-assigned this Oct 8, 2024
step-security-bot added a commit to step-security-bot/coder that referenced this issue Oct 15, 2024
matifali removed the enhancement and docs labels Oct 16, 2024
matifali (Member, Author) commented Nov 4, 2024

matifali added a commit to coder/coder that referenced this issue Nov 15, 2024
Enables [build
attestation](https://docs.docker.com/build/metadata/attestations/slsa-provenance/)
for the docker-base image.
Contributes to #14879 and coder/internal#89

As an experiment, we are only doing it with the coder-base image for
now.