scorecard --local . --show-details --format json | jq .
{
  "date": "2023-02-22",
  "repo": {
    "name": "file://.",
    "commit": "unknown"
  },
  "scorecard": {
Naveen Srinivasan https://github.com/naveensrinivasan
Have you ever thought about how to ensure that the open source software you're using is secure? It's easy to spend more time researching restaurant reviews than evaluating the security of a new open source dependency, but the consequences of not doing so can be far more serious. Software supply chain attacks are becoming increasingly common, and attackers are targeting vulnerabilities in dependencies early in the supply chain to amplify the impact of their attacks.
Dependency security is in the spotlight, as evidenced by a 742% average annual increase in software supply chain attacks over the past three years. As a result, consumers of open source software need to be informed about the projects they rely on to safeguard their own projects against the next major supply chain attack. Is it safe to use the dependencies
WITH top_repos AS (
  SELECT
    REGEXP_REPLACE(repo.url, '^https://', '') as repo_name
  FROM
    `openssf.criticality_score_cron.criticality-score-v0`
  WHERE
    collection_date = (
      SELECT
        MAX(collection_date)
      FROM
package main

import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"net/http"
	"sync"
	"sync/atomic"
)
{
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "automationDetails": {
        "id": "supply-chain/branch-protection/33f80c93dc79f860d874857c511c4d26d399609d-09 Apr 22 22:41 +0000"
      },
      "tool": {
        "driver": {
These SHAs are Git commit SHAs. Most of them can be validated by looking up the tag using the API.
Here is an example for actions/setup-node@v2:
https://api.github.com/repos/actions/setup-node/git/refs/tags/v2
This should return a result like this:
{
func removeNthFromEnd(head *ListNode, n int) *ListNode {
	cur, cur2, counter := head, head, 0
	if head == nil {
		return head
	}
	for cur != nil && cur.Next != nil {
		counter += 2
		cur = cur.Next.Next
	}
github.com/18F/identity-idp
github.com/1N3/Sn1per
" hi there!
let mapleader = ","
map W :tabdetach<CR>
map A :tabattach<Space>
map U lastClosedTab
map O :history<Space>
map yt :duplicate<CR>
map <C-s> openSearchBar
map <C-r> openSearchBarReverse