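Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.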
<a href="https://www.bestpractices.dev/projects/8787"><img src="https://www.bestpractices.dev/projects/8787/badge"></a>
poutine is a security scanner that detects misconfigurations and vulnerabilities in the build pipelines of a repository. It supports parsing CI workflows from GitHub Actions and GitLab CI/CD (with others soon to be supported). When given an access token with read-level access, poutine can analyze all the repositories of an organization to quickly gain insights into the security posture of the organization's software supply chain.
https://github.com/boostsecurityio/poutine/blob/main/MAINTAINERS.md
Repository on GitHub, which uses git. git is distributed.
Required by GitHub
https://github.com/boostsecurityio/poutine/blob/main/.github/workflows/build_test.yml
We always use HTTPS for all traffic
This is supported by Go 1.22
Found all required security hardening headers.
Warning: URL required, but no URL found.
Our Rego engine is configured with least privilege
Warning: Requires a longer justification.