ossf/scorecard

Go 5.3k stars

OpenSSF Scorecard - Security health metrics for Open Source

✓ Synced 3h ago Share on X →

README badge: [![ngmi](https://ngmi.review/badge/ossf/scorecard.svg)](https://ngmi.review/repo/ossf/scorecard)

2.9k Merged PRs

3 days Avg Merge Time

0m Fastest PR

6 months Slowest PR

      #317
      Global Speed Rank
    

Top Reviewers

@naveensrinivasan

1460 reviews ✓ 1001 approved ↺ 9 blocked

@laurentsimon

1240 reviews ✓ 363 approved ↺ 3 blocked

@spencerschrock

1235 reviews ✓ 732 approved ↺ 7 blocked

@azeemshaikh38

1062 reviews ✓ 459 approved ↺ 26 blocked

@AdamKorcz

328 reviews ✓ 8 approved

@inferno-chromium

321 reviews ✓ 256 approved ↺ 5 blocked

@raghavkaul

265 reviews ✓ 137 approved ↺ 5 blocked

@oliverchang

215 reviews ✓ 125 approved ↺ 1 blocked

@justaugustus

167 reviews ✓ 112 approved ↺ 12 blocked

#10

@gabibguti

98 reviews

Recent Merged PRs

#	Title	Author	Time	Reviews	Blocks
#4883	:seedling: Set OSV User-Agent for scorecard cli and cron workers.	@kash2104	1 month	4	✓
#4931	:seedling: cron: enable CDN purging in prod weekly scans	@spencerschrock	19m	1	✓
#4928	:seedling: cron: Add ability to purge cached results from a CDN	@spencerschrock	1 day	1	✓
#4927	:seedling: ci: remove all e2e test references to gitlab.com/gitlab-org/gitlab	@spencerschrock	1 day	1	✓
#4923	:seedling: Bump go-github to v82	@Kielek	3 days	1	✓
#4924	:seedling: ci: use smaller repo for gitlab e2e tests to avoid timeouts	@spencerschrock	2.9h	1	✓
#4918	:seedling: Bump the github-actions group across 1 directory with 4 updates	@dependabot	3 days	1	✓
#4911	:seedling: Bump actions/setup-go from 6.1.0 to 6.2.0	@dependabot	10 days	1	✓
#4906	:seedling: Bump the distroless group across 6 directories with 1 update	@dependabot	17 days	1	✓
#4912	:seedling: Bump the golang group across 8 directories with 1 update	@dependabot	10 days	1	✓
#4908	:seedling: Bump github.com/sigstore/cosign/v2 from 2.6.1 to 2.6.2 in /tools	@dependabot	16 days	1	✓
#4915	:seedling: Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 in /tools	@dependabot	7 days	1	✓
#4920	:seedling: Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.4.1 in /tools	@dependabot	2 days	1	✓
#4916	:seedling: Bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 in /tools	@dependabot	6 days	2	✓
#4898	:bug: detect toJSON(github.event) in Dangerous-Workflow check	@heathdutton	9 days	2	✓
#4879	:seedling: Bump the github-actions group with 5 updates	@dependabot	24 days	1	✓
#4901	:seedling: Bump the gomod group across 2 directories with 9 updates	@dependabot	1.0h	1	✓
#4884	🌱 chore: Add Hiero's Consensus Specifications to the cron	@jwagantall	22 days	2	✓
#4895	:seedling: deps: switch from gopkg.in/yaml.vX to go.yaml.in/yaml/vX	@scop	10 days	1	✓
#4885	:seedling: switch docker documentation to GHCR	@spencerschrock	10 days	1	✓