You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi jstree Maintainers,
I'm reaching out because I appreciate your work on jstree. As open-source security is a growing concern, I'd like to suggest some improvements based on the OpenSSF Scorecard best practices:
• Token Permissions: Consider implementing explicit token permissions within the workflow to avoid over-permissioning vulnerabilities.
• Branch Protection & Code Review: Enabling branch protection rules and code reviews can minimize the risk of introducing vulnerabilities. Refer to your repository settings for configuration options.
• Static Application Security Testing (SAST): Implementing SAST tools can help detect vulnerabilities early in the development lifecycle.
• Dependency Update Tool: Utilizing a dependency update tool ensures your project uses the latest secure library versions.
• Security Policy: Defining a comprehensive security policy (SECURITY.md) with vulnerability reporting guidelines, coding standards, and response procedures is recommended.
For more information on specific checks, see the OpenSSF Scorecard documentation: Link to Documentation
This discussion was converted from issue #2803 on April 20, 2025 19:54.
Heading
Bold
Italic
Quote
Code
Link
Numbered list
Unordered list
Task list
Attach files
Mention
Reference
Menu
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Hi jstree Maintainers,
I'm reaching out because I appreciate your work on jstree. As open-source security is a growing concern, I'd like to suggest some improvements based on the OpenSSF Scorecard best practices:
• Token Permissions: Consider implementing explicit token permissions within the workflow to avoid over-permissioning vulnerabilities.
• Branch Protection & Code Review: Enabling branch protection rules and code reviews can minimize the risk of introducing vulnerabilities. Refer to your repository settings for configuration options.
• Static Application Security Testing (SAST): Implementing SAST tools can help detect vulnerabilities early in the development lifecycle.
• Dependency Update Tool: Utilizing a dependency update tool ensures your project uses the latest secure library versions.
• Security Policy: Defining a comprehensive security policy (SECURITY.md) with vulnerability reporting guidelines, coding standards, and response procedures is recommended.
For more information on specific checks, see the OpenSSF Scorecard documentation: Link to Documentation
Beta Was this translation helpful? Give feedback.
All reactions