Improve security score/practices #289

Open
5 tasks
sripwoud opened this issue May 20, 2024 · 0 comments
Labels
dependencies 📦 Changes in dependencies devops 🔧 Operations management and dev tools question ❔ Further information is requested

Comments

sripwoud commented May 20, 2024

See https://discord.com/channels/943612659163602974/1006997078259552346/1237782683229356173 (PSE internal discord).

Here are the scorecard results of the zk-kit repo:
scorecard.txt

I don't think the goal is to get a 10/10.
But there are probably some quick wins we can implement like:

  • Add a dependency update/scan tool bot
    I like using socket-security on some of my repos
  • Address existing vulnerabilities
  • Add a security policy file
  • Improve branch protection rules
  • Pin some dependencies by hash?
@sripwoud sripwoud added dependencies 📦 Changes in dependencies devops 🔧 Operations management and dev tools question ❔ Further information is requested labels May 20, 2024
Projects
Status: ♻️ Grooming