
chore: add OpenSSF Scorecard for README.md#3696

Merged
hailaz merged 1 commit into
gogf:masterfrom
fengshunli:ssf
Aug 29, 2025

Conversation

@fengshunli

@fengshunli fengshunli commented Jul 21, 2024

Member

Why is this needed:

The OpenSSF Scorecard improves open-source projects' security by providing automated, transparent assessments of their security practices. It will help you identify vulnerabilities, adhere to best practices, and continuously enhance your security posture, increasing user trust and reducing the risk of security exploits.

I'll be the one to create the PR to add the scorecard GitHub action, and I will also work with you to remediate the identified vulnerabilities. I'll go through each scorecard check to see where the score has dropped and how it can be improved.

Integrate scorecard in CI, and display a Scorecard badge on the gogf repository
You also need to manually create a project, refer to https://bestpractices.coreinfrastructure.org/en/projects
Manually create a gogf organization to report results, please see https://sonarcloud.io/explore/projects?sort=-analysis_date

@gqcn gqcn changed the title Add OpenSSF Scorecard for README.md feat(openssf): Add OpenSSF Scorecard for README.md Jul 22, 2024
@gqcn gqcn changed the title feat(openssf): Add OpenSSF Scorecard for README.md feat(openssf): add OpenSSF Scorecard for README.md Jul 22, 2024
@gqcn

gqcn commented Jul 22, 2024

Member

@fengshunli
Hello, I've created the projects https://www.bestpractices.dev/en/projects/9233 and https://sonarcloud.io/project/overview?id=gogf_gf .
And I've invited you as a member of our project; you will be authorized to get through the OpenSSF procedures.

@gqcn gqcn changed the title feat(openssf): add OpenSSF Scorecard for README.md chore: add OpenSSF Scorecard for README.md Jul 22, 2024
Signed-off-by: fsl <1171313930@qq.com>

@fengshunli

Member Author

The score of this check is very low and needs to be further optimized

@gqcn

gqcn commented Jul 24, 2024

Member

The score of this check is very low and needs to be further optimized

It might not be merged right now.

@fengshunli

Member Author

https://github.com/gogf/gf/security/code-scanning The security issues found here may need to be fixed

@gqcn

gqcn commented Jul 29, 2024

Member

The score of this check is very low and needs to be further optimized

It might not be merged right now, until the OpenSSF score gets improved.

@fengshunli

Member Author

The score of this check is very low and needs to be further optimized

It might not be merged right now, until the OpenSSF score gets improved.

https://www.bestpractices.dev/en/projects?q=gf Complete the terms in the form and you can pass it

@hailaz hailaz merged commit 71743e6 into gogf:master Aug 29, 2025