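Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.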
<a href="https://www.bestpractices.dev/projects/4689"><img src="https://www.bestpractices.dev/projects/4689/badge"></a>
An open source build platform designed for continuous delivery.
Repository on GitHub, which uses git. git is distributed.
npm test
go install -v ./... && go test -v ./..
Warning: URL required, but no URL found.
We have a repo for generating new repos with a template for testing, etc: https://github.com/screwdriver-cd/generator-screwdriver/tree/master/app/templates
// X-Content-Type-Options was not set to "nosniff".
https://cd.screwdriver.cd/ was onboarded to Detectify via VerizonMedia internal Security team and we do have scan reports, though not publicly available. This is not done as part of our CI/CD process but rather on-demand; we are exploring if we can make it part of our CI/CD process.
Screwdriver does not use dynamic analysis tools as a part of the CI/CD pipeline. On the other hand, Screwdriver production clusters produce run-time events such as logs and metrics (via Prometheus) which are exposed to monitoring tools like Grafana and can be used for dynamic analysis.