Currently, the FPC repo has a scorecard of 4.3 (see https://scorecard.dev/viewer/?uri=github.com/hyperledger/fabric-private-chaincode)

<img src="https://api.scorecard.dev/projects/github.com/hyperledger/fabric-private-chaincode/badge">

This issue is about improving our scorecard value by applying best practices as suggested by [OpenSSF](https://github.com/ossf/scorecard)

TODOS:

- [x] Dangerous-Workflows
- [x] Token-Permissions #764
- [ ] Vulnerabilities #759
- [x] Maintained
- [ ] Code-Review
- [ ] Binary-Artifacts
- [ ] Fuzzing (TBD)
- [ ] SAST
- [ ] Pinned-Dependencies
- [x] Security-Policy
- [ ] CII-Best-Practices
- [x] License
- [ ] Branch-Protection
- [ ] Packaging
- [ ] Signed-Releases