Avishay Balter

Results 22 comments of Avishay Balter

Presidio is approved for [OSS-Fuzz](https://github.com/google/oss-fuzz#introduction), [here](https://github.com/google/oss-fuzz/tree/master/projects/presidio). We would like to continue the integration with OSS-Fuzz using their provided fuzzers.

This is great feedback, however it does venture a bit into the "tooling" side that sits on top of SCM, rather than actually being the SCM responsibility, wouldn't you...

> > @SecurityCRob - comments? > > I did _not_ try to edit `best-practices.yml`. I'm not sure what that yml file is doing. Is that the source & the README...

Thanks all for the discussion! Is this something you would like to bring to one of our next WG meetings to discuss further as a new incubating project (@l0kod @valoq)...

@torgo how do we update the SCM guide? Do we manage these contributions directly here in the best practices repo or do we maintain the integration with Legitify somehow?

Specifically in regards to multi-stage builds, can this be looked at as an issue that can be resolved by looking back to see if the source "FROM" statement was pinned?...

@laurentsimon I'm trying to plan the work needed to comply with your reply here: > an additional place to add support for NuGet is in the Packaging check https://github.com/ossf/scorecard/blob/main/checks/packaging.go, which...

Thanks for the feedback @walbourn! Packaging scores in Scorecard, today, work by detecting GitHub/GitLab packaging workflows only, for **all** ecosystems (correct me if I'm wrong here @laurentsimon). The aim of...

Thank you for the review @spencerschrock! I am sorry that I did not provide enough information for folks who are unfamiliar with the dotnet/nuget ecosystem. Here is another solid...