As part of the project infra SIG, we're working on some CLO monitoring improvements, and these are the issues the CLOMonitor found for the operator. We don't need to solve everything here, but it would be great to work on this towards improving repo conformance.
License
License scanning software scans and automatically identifies, manages and addresses open source licensing issues.
A FOSSA or Snyk link is found in the repository's README file.
Security
Software bill of materials (SBOM)
List of components in a piece of software, including licenses, versions, etc.
The latest release on GitHub includes an asset whose name contains sbom.
Signed releases (from OpenSSF Scorecard)
This check tries to determine if the project cryptographically signs release artifacts.
Security insights
Projects should provide an OpenSSF Security Insights manifest file.
A valid OpenSSF Security Insights manifest file (SECURITY-INSIGHTS.yml) is found at the root of the repository.
Token permissions (from OpenSSF Scorecard)
This check determines whether the project's automated workflow tokens are set to read-only by default.
Dependencies policy
Project should provide a dependencies policy that describes how dependencies are consumed and updated.
The URL of the dependencies policy is available in the dependencies > env-dependencies-policy section of the OpenSSF Security Insights manifest file (SECURITY-INSIGHTS.yml) that should be located at the root of the repository.
Best Practices
OpenSSF best practices badge
The Open Source Security Foundation (OpenSSF) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices.
An OpenSSF best practices badge is found in the repository's README file.
Artifact Hub badge
Projects can list their content on Artifact Hub to improve their discoverability.
An Artifact Hub badge is found in the repository's README file.
opentelemetry-operator