[Nasm-devel] Could you help improve nasm's security score of ossf scorecard?
Wang, Changran
changran.wang at intel.com
Tue Aug 30 22:31:14 PDT 2022
Hi! I am working on using nasm in the open-source service mesh community Envoy <https://github.com/envoyproxy/envoy>.
I have raised a PR to integrate nasm into envoy; see this <https://github.com/envoyproxy/envoy/pull/22651>.
Envoy uses OSSF scorecard <https://blog.envoyproxy.io/security-scorecards-envoy-automating-supply-chain-analysis-7b8fd9829169> to test an open source github repo to see how it would behave as an envoy dependency.
But the resulting score of nasm is a bit low, like this <https://github.com/envoyproxy/envoy/pull/22651#discussion_r948011839>.
However, many of the issues could be easily improved in the nasm github repo.
For example, adding a security policy is easy and important; also, setting branch protection should just be a github-level thing.
Could you help fix some very simple issues to improve nasm's security score on the ossf scorecard? Thanks!
BR,
Changran