Skip to content

Issues: ossf/scorecard

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

336 Open 733 Closed
336 Open 733 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

BUG: Unrecognized CI/CDs kind/bug Something isn't working
#4050 opened Apr 24, 2024 by gabibguti
1
support querying platform specific API capabilities in RepoClient area/api kind/enhancement New feature or request
#4049 opened Apr 22, 2024 by spencerschrock
2
BUG: Patch Maintainers Annotations kind/bug Something isn't working
#4048 opened Apr 22, 2024 by gabibguti
11 tasks
Maintainer Annotations
1
BUG: Pinned-Dependencies need ability to exclude non-build/release workflows kind/bug Something isn't working
#4039 opened Apr 17, 2024 by emaste
BUG: Code-Review missing review markers kind/bug Something isn't working
#4038 opened Apr 17, 2024 by emaste
Existing OpenSSF best practices badge isn't added to a scorecard report kind/bug Something isn't working
#4037 opened Apr 16, 2024 by yrusskih
Parts of security scorecard doesn't allow excluding issues from scoring when they have no affect on an end-user kind/bug Something isn't working
#4036 opened Apr 15, 2024 by yrusskih
2
improve binary artifact and license tests to match other checks area/testing check/Binary-Artifacts check/License good first issue Good for newcomers
#4032 opened Apr 15, 2024 by spencerschrock
update the SPDX license list check/License good first issue Good for newcomers kind/enhancement New feature or request
#4031 opened Apr 15, 2024 by spencerschrock
@lelia
1
Include human friendly links for the GitHub artifacts for Signed-Releases check/Signed-Releases good first issue Good for newcomers kind/enhancement New feature or request
#4030 opened Apr 15, 2024 by spencerschrock
@schaeferka
1
Specify a user agent for OSV.dev check/Vulnerabilities good first issue Good for newcomers kind/enhancement New feature or request
#4029 opened Apr 15, 2024 by spencerschrock
the Signed-Releases remediation steps encourage manual manipulation of the source code archives kind/bug Something isn't working
#4018 opened Apr 9, 2024 by junyer
Contribution account age as a factor kind/enhancement New feature or request
#4000 opened Apr 3, 2024 by joubin
BUG: Issues with contributor scoring kind/bug Something isn't working
#3996 opened Apr 3, 2024 by siralmat
1
"Vulnerabilities" check: unclear description ("open vulnerabilities") kind/enhancement New feature or request
#3994 opened Apr 3, 2024 by Chealer
"Risk level" highly misleading (Dangerous-Workflow always "CRITICAL"). Scorecard report ("webviewer") seems broken area/security kind/docs Improvements or additions to documentation
#3990 opened Apr 2, 2024 by Chealer
README: Unable to query Public data using BigQuery Explorer kind/bug Something isn't working
#3989 opened Apr 2, 2024 by Chealer
README/FAQ: Unclear references to "the webviewer" kind/docs Improvements or additions to documentation
#3986 opened Apr 2, 2024 by Chealer
1
Feature: Add machine-readable remediation to the hasDangerousWorkflowScriptInjection probe check/Dangerous-workflow kind/enhancement New feature or request needs discussion question Further information is requested
#3950 opened Mar 18, 2024 by pnacht
Vulnerable package has score 10/10 in Vulnerabilities check/Vulnerabilities kind/bug Something isn't working kind/enhancement New feature or request
#3946 opened Mar 13, 2024 by jorgsowa
1
Feature: Probe whether repo has up-to-date CODEOWNERS check/Contributors check/Maintained good first issue Good for newcomers kind/enhancement New feature or request
#3931 opened Mar 10, 2024 by raghavkaul
@schaeferka
3
Dangerous Workflow: some user input are not being detected as untrusted input. check/Dangerous-workflow good first issue Good for newcomers kind/enhancement New feature or request
#3915 opened Mar 4, 2024 by diogoteles08
2
BUG .sigstore bundles are not being found by Signed-Releases check kind/bug Something isn't working
#3913 opened Mar 4, 2024 by cpswan
5
Supporting Spack package manager check/Packaging kind/enhancement New feature or request Stale
#3873 opened Feb 12, 2024 by crtrott
3
evaluate codecov/codecov-action v4 token area/tech-debt github_actions Pull requests that update Github_actions code Stale
#3862 opened Feb 7, 2024 by spencerschrock
1
ProTip! Find all open issues with in progress development work with linked:pr.