This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit c7b1a4b520093170067ba21b4ebe7d352b06105b Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Tue Mar 26 12:14:50 2024 +0100 Improved: Adds a ScoreGuard badge (OFBIZ-12964) We have currently a 7.7 score. Theoretically this could be improved using 4 manners: 1. Token-Permissions 2. Code-Review 3. Fuzzing 4. CII-Best-Practice https://securityscorecards.dev/viewer/?uri=github.com/apache/ofbiz-framework 1. Reality is Token-Permissions reports a write permission for pushing packages and the proposed link is not a solution (at least for now) 2. We can improve code review 3. I'll have a look, Fuzzing seems an interesting complementary tool for security 4. I'll also have a look, "paper work" mostly --- README.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/README.adoc b/README.adoc index 4d087961ae..20fb111e79 100644 --- a/README.adoc +++ b/README.adoc @@ -25,6 +25,7 @@ image:https://img.shields.io/badge/Version-trunk-blue.svg[link=https://github.co image:https://ci2.apache.org/badges/ofbizTrunkFrameworkPlugins.svg[link=https://ci2.apache.org/#/builders?tags=%2BofbizTrunkFrameworkPlugins] image:https://github.com/apache/ofbiz-framework/actions/workflows/gradle.yaml/badge.svg?branch=trunk[link=https://github.com/apache/ofbiz-framework/actions/workflows/gradle.yaml] image:https://qpkb254zxeu.montastic.io/badge[link=https://qpkb254zxeu.montastic.io] +image:https://api.securityscorecards.dev/projects/github.com/apache/ofbiz-framework/badge[link=https://securityscorecards.dev/viewer/?uri=github.com/apache/ofbiz-framework] //image:https://github.com/apache/ofbiz-framework/actions/workflows/codeql-analysis.yml/badge.svg[link=https://github.com/apache/ofbiz-framework/actions/workflows/codeql-analysis.yml]
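Review bot: The commit title says "ScoreGuard", but the badge added after the montastic line in README.adoc is fetched from api.securityscorecards.dev and links to securityscorecards.dev, i.e. the OpenSSF Scorecard project; the title (and the OFBIZ-12964 reference text, if it carries the same name) should read "Scorecard" so the README badge and the ticket are searchable under the tool's actual name. The badge itself is consistent with the neighbouring shields.io, ci2 and montastic badges (an externally fetched image with a `[link=...]` attribute), so no objection to the placement, though note the CodeQL badge on the following context line is still commented out with `//`, so the README now advertises the Scorecard result while hiding the CodeQL workflow status; either uncomment that line in a follow-up or drop it. One documentation gap: the commit message explains that the score is currently 7.7 and which checks (Token-Permissions, Code-Review, Fuzzing, CII-Best-Practice) could raise it, but nothing in the README tells a reader clicking the badge what the number measures; a short sentence next to the badge, or in the project's security documentation, pointing at the viewer URL already used in the `link=` attribute would make the badge useful rather than decorative.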