[Nasm-devel] Could you help improve nasm's security score of ossf scorecard?

Wang, Changran changran.wang at intel.com
Tue Aug 30 22:31:14 PDT 2022


Hi! I am working on using nasm in the open-source service mesh community Envoy <https://github.com/envoyproxy/envoy>.

I have raised a PR to integrate nasm into envoy; see this <https://github.com/envoyproxy/envoy/pull/22651>.

Envoy uses OSSF scorecard <https://blog.envoyproxy.io/security-scorecards-envoy-automating-supply-chain-analysis-7b8fd9829169> to test an open-source GitHub repo to see how it would behave as an envoy dependency.

But the resulting score for nasm is a bit low; see this <https://github.com/envoyproxy/envoy/pull/22651#discussion_r948011839>.

However, many of the issues could easily be fixed in the nasm GitHub repo.
For example, adding a security policy is easy and important, and setting branch protection should just be a GitHub-level setting.

Could you help fix some very simple issues to improve nasm's OSSF scorecard security score? Thanks!

BR,
Changran
