Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assessment against best practices (OpenSSF Scorecards ...) #859

Open
fraxken opened this issue Jan 6, 2023 · 7 comments
Open

Assessment against best practices (OpenSSF Scorecards ...) #859

fraxken opened this issue Jan 6, 2023 · 7 comments
Labels
never stale

Comments

@fraxken
Copy link
Member

fraxken commented Jan 6, 2023

As discussed in the last meeting #857. I'm creating this issue to, discuss and follow the evolution of this new Security-WG initiative for 2023.

The main idea is to assess how the Node.js project is positioned in regards to some security best practices. The final goal would be to collect metrics, allowing us to eventually improve security.

As a first actionable step we discussed exploring the OpenSSF Scorecards initiative. For context an issue about Scorecard has been opened here: #851 (There is some nice information on it). A presentation will be held in the next meeting (January 19th).
@fraxken fraxken mentioned this issue Jan 6, 2023
Merged
@mhdawson mhdawson mentioned this issue Jan 16, 2023
Closed
@mhdawson mhdawson mentioned this issue Jan 30, 2023
Closed
@mhdawson mhdawson mentioned this issue Feb 13, 2023
Closed
@mhdawson mhdawson mentioned this issue Feb 27, 2023
Closed
@mhdawson mhdawson mentioned this issue Mar 13, 2023
Closed
@RafaelGSS RafaelGSS mentioned this issue Mar 16, 2023
Closed
@RafaelGSS
Copy link
Member

RafaelGSS commented Mar 16, 2023
edited by UlisesGascon
Loading

Next steps:

OSSF Scorecards

CII Best Practices

Other

@mhdawson mhdawson mentioned this issue Mar 27, 2023
Closed
@mhdawson mhdawson mentioned this issue Apr 10, 2023
Closed
@mhdawson mhdawson mentioned this issue Apr 24, 2023
Closed
@mhdawson mhdawson mentioned this issue May 8, 2023
Closed
@step-security-bot step-security-bot mentioned this issue May 21, 2023
Merged
step-security-bot added a commit to step-security-bot/undici that referenced this issue May 21, 2023
@step-security-bot
workflow: apply security best practices
b8f80b0 
Reference: nodejs/security-wg#859

Signed-off-by: StepSecurity Bot <[email protected]>
KhafraDev pushed a commit to nodejs/undici that referenced this issue May 22, 2023
@step-security-bot
workflow: apply security best practices (#2130)
5281fa8 
Reference: nodejs/security-wg#859

Signed-off-by: StepSecurity Bot <[email protected]>
@mhdawson mhdawson mentioned this issue May 22, 2023
Closed
@mhdawson mhdawson mentioned this issue Jun 5, 2023
Closed
UlisesGascon added a commit to UlisesGascon/node that referenced this issue Jun 11, 2023
@UlisesGascon
docs: added Node.js CII Best practices badge
80b0be6 
Related:
- nodejs/security-wg#1012
- nodejs/security-wg#859
This was referenced Jun 11, 2023
Closed
Closed
@mhdawson mhdawson mentioned this issue Jun 19, 2023
Closed
@mhdawson mhdawson mentioned this issue Jul 3, 2023
Closed
@mhdawson mhdawson mentioned this issue Jul 17, 2023
Closed
metcoder95 pushed a commit to metcoder95/undici that referenced this issue Jul 21, 2023
@step-security-bot @metcoder95
workflow: apply security best practices (nodejs#2130)
971ae6e 
Reference: nodejs/security-wg#859

Signed-off-by: StepSecurity Bot <[email protected]>
@mhdawson mhdawson mentioned this issue Jul 31, 2023
Closed
@mhdawson mhdawson mentioned this issue Aug 14, 2023
Closed
@UlisesGascon UlisesGascon mentioned this issue Aug 22, 2023
Closed
6 tasks
@mhdawson mhdawson mentioned this issue Aug 28, 2023
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Sep 7, 2023

This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made.

@github-actions github-actions bot added the stale label Sep 7, 2023
@UlisesGascon UlisesGascon removed the stale label Sep 9, 2023
@mhdawson mhdawson mentioned this issue Sep 11, 2023
Closed
@mhdawson mhdawson mentioned this issue Sep 25, 2023
Closed
@mhdawson mhdawson mentioned this issue Oct 9, 2023
Closed
This was referenced Oct 10, 2023
Merged
Open
@RafaelGSS RafaelGSS mentioned this issue Oct 10, 2023
Merged
This was referenced Oct 10, 2023
Open
Merged
@RafaelGSS
Copy link
Member

Opened 5 PRs to increase the OpenSSF Scorecard

@bmuenzenmeyer bmuenzenmeyer mentioned this issue Oct 19, 2023
Closed
5 tasks
@mhdawson mhdawson mentioned this issue Oct 23, 2023
Closed
@github-actions GitHub Actions
Copy link
Contributor

This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made.

@github-actions github-actions bot added the stale label Jan 25, 2024
crysmags pushed a commit to crysmags/undici that referenced this issue Feb 27, 2024
@step-security-bot @crysmags
workflow: apply security best practices (nodejs#2130)
9f8114e 
Reference: nodejs/security-wg#859

Signed-off-by: StepSecurity Bot <[email protected]>
@github-actions GitHub Actions
Copy link
Contributor

This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made.

@github-actions github-actions bot added the stale label Apr 25, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue has been inactive for 90 days. It will be closed in 14 days unless there is further activity or the stale label is taken off.

@github-actions github-actions bot added the stale label Jul 25, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue has been inactive for 90 days. It will be closed in 14 days unless there is further activity or the stale label is taken off.

@github-actions github-actions bot added the stale label Oct 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
never stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@fraxken @UlisesGascon @RafaelGSS @marco-ippolito