Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4
January 19, 2022
The Scorecards Action is released in partnership with GitHub and is available from GitHub's Marketplace. The Action makes using Scorecards easier than ever: it runs automatically on repository changes to alert developers about risky supply-chain practices. Maintainers can view the alerts on GitHub's code scanning dashboard, which is available for free to public repositories on GitHub.com and via GitHub Advanced Security for private repositories.
Additionally, we have scaled our weekly Scorecards scans to over one million GitHub repositories, and have partnered with the Open Source Insights website for easy user access to the data.
For more details about the release, including the new Dangerous-Workflow security check, visit the OpenSSF's official blog post here.