This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit c7b1a4b520093170067ba21b4ebe7d352b06105b
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Tue Mar 26 12:14:50 2024 +0100

    Improved: Adds a ScoreGuard badge (OFBIZ-12964)
    
    We currently have a 7.7 score. Theoretically this could be improved using 4
    manners:
    1. Token-Permissions
    2. Code-Review
    3. Fuzzing
    4. CII-Best-Practice
    
    https://securityscorecards.dev/viewer/?uri=github.com/apache/ofbiz-framework
    
    1. Reality is Token-Permissions reports a write permission for pushing packages
    and the proposed link is not a solution (at least for now)
    2. We can improve code review
    3. I'll have a look, Fuzzing seems an interesting complementary tool for security
    4. I'll also have a look, "paper work" mostly
---
 README.adoc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.adoc b/README.adoc
index 4d087961ae..20fb111e79 100644
--- a/README.adoc
+++ b/README.adoc
@@ -25,6 +25,7 @@ 
image:https://img.shields.io/badge/Version-trunk-blue.svg[link=https://github.co
 
image:https://ci2.apache.org/badges/ofbizTrunkFrameworkPlugins.svg[link=https://ci2.apache.org/#/builders?tags=%2BofbizTrunkFrameworkPlugins]
 
image:https://github.com/apache/ofbiz-framework/actions/workflows/gradle.yaml/badge.svg?branch=trunk[link=https://github.com/apache/ofbiz-framework/actions/workflows/gradle.yaml]
 
image:https://qpkb254zxeu.montastic.io/badge[link=https://qpkb254zxeu.montastic.io]
+image:https://api.securityscorecards.dev/projects/github.com/apache/ofbiz-framework/badge[link=https://securityscorecards.dev/viewer/?uri=github.com/apache/ofbiz-framework]
 
//image:https://github.com/apache/ofbiz-framework/actions/workflows/codeql-analysis.yml/badge.svg[link=https://github.com/apache/ofbiz-framework/actions/workflows/codeql-analysis.yml]
 
 
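Review bot: the added line `+image:https://api.securityscorecards.dev/projects/github.com/apache/ofbiz-framework/badge[...]` sits directly under the montastic badge with no blank line between them, while every other badge in this block is separated from its neighbours by a blank context line; since these are inline `image:` macros, two adjacent lines form a single AsciiDoc paragraph and the two badges will render joined together rather than as separate lines like the rest. Suggest inserting a blank line before the new badge (or placing it after the existing blank line) to match the surrounding layout. Note also that, like the shields.io, ci2 and montastic badges above it, this badge is fetched live from an external service at render time, so an outage of api.securityscorecards.dev only affects the badge image, not the README content.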
