Roll out OSSF scorecard workflow to all repositories #2636
Labels
triage:accepted
This issue has been accepted and will be worked.
Comments
This was referenced Mar 30, 2025
Merged
Merged
Merged
This was referenced Mar 31, 2025
hdost
pushed a commit
to open-telemetry/opentelemetry-rust-contrib
that referenced
this issue
Apr 1, 2025
See open-telemetry/community#2636 for details Co-authored-by: otelbot <[email protected]>
|
Thank you! I'm making one change for the Ruby repositories, to limit the runs to just the main fork so that contributor's forks don't get stuck with failing runs. https://github.com/open-telemetry/opentelemetry-ruby/pull/1832/files#r2023374987 |
jmacd
added a commit
to open-telemetry/otel-arrow
that referenced
this issue
Apr 2, 2025
See open-telemetry/community#2636 for details --------- Co-authored-by: otelbot <[email protected]> Co-authored-by: Joshua MacDonald <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For an example of the report that this generates, see https://scorecard.dev/viewer/?uri=github.com/open-telemetry/opentelemetry-java-instrumentation
We are planning to use the scorecard report on Wednesday of this week to help drive a Security Slam event at KubeCon where participants can help to burn down our security backlog.
Note: this is using an automation mechanism similar to #2574 in order to send PRs to add these workflows to all repositories.
The text was updated successfully, but these errors were encountered: