Adopt the Scorecard Action to monitor the project's security posture

Hey, it's Pedro and I'm back (see #7594 and my colleague Joyce's #7541 and #7546) with another security suggestion.

Joyce and I detected these issues by using the [OpenSSF Scorecard](https://github.com/ossf/scorecard), which scans a repository looking for code or settings that can be changed to improve a project's supply-chain security. It is available as a [GitHub Action](https://github.com/ossf/scorecard-action) which routinely runs on the repo and adds actionable suggestions directly to the project's [Security Dashboard](https://github.com/ReactiveX/RxJava/security/code-scanning). It can therefore warn you if any change unintentionally weakens the project's security posture.

For the record, RxJava's [current score](https://securityscorecards.dev/viewer/?uri=github.com/ReactiveX%2FRxJava) is 8.5/10, which is awesome! In fact, it's in the top 0.1% of popular projects!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Adopt the Scorecard Action to monitor the project's security posture #7625

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Adopt the Scorecard Action to monitor the project's security posture #7625

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions