You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm reaching out because I appreciate your work on react-window. As open-source security is a growing concern, I'd like to suggest some improvements based on the OpenSSF Scorecard best practices:
Branch Protection & Code Review: Enabling branch protection rules and code reviews can minimize the risk of introducing vulnerabilities. Refer to your repository settings for configuration options.
Static Application Security Testing (SAST): Implementing SAST tools can help detect vulnerabilities early in the development lifecycle.
Security Policy: Defining a comprehensive security policy (SECURITY.md) with vulnerability reporting guidelines, coding standards, and response procedures is recommended.
Packaging: Is the project currently out of maintenance? Are there any plans to release a new version?
For more information on specific checks, see the OpenSSF Scorecard documentation: Link to Documentation: https://github.com/ossf/scorecard/blob/main/docs/checks.md#check-documentation
The text was updated successfully, but these errors were encountered:
Hi react-window Maintainers,
I'm reaching out because I appreciate your work on react-window. As open-source security is a growing concern, I'd like to suggest some improvements based on the OpenSSF Scorecard best practices:
Branch Protection & Code Review: Enabling branch protection rules and code reviews can minimize the risk of introducing vulnerabilities. Refer to your repository settings for configuration options.
Static Application Security Testing (SAST): Implementing SAST tools can help detect vulnerabilities early in the development lifecycle.
Security Policy: Defining a comprehensive security policy (SECURITY.md) with vulnerability reporting guidelines, coding standards, and response procedures is recommended.
Packaging: Is the project currently out of maintenance? Are there any plans to release a new version?
For more information on specific checks, see the OpenSSF Scorecard documentation: Link to Documentation: https://github.com/ossf/scorecard/blob/main/docs/checks.md#check-documentation
The text was updated successfully, but these errors were encountered: