Best practices to keep your projects secure on GitHub

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • scorecard

    OpenSSF Scorecard - Security health metrics for Open Source

  • So if you are concerned about this, I'd suggest looking at the following:

    * OpenSSF Scorecard Action - https://github.com/ossf/scorecard#scorecards-github-action

    * Step Security Harden Action - https://github.com/step-security/harden-runner

    I realize that this means trusting these providers but they seem at least tacitly blessed by GitHub. https://docs.github.com/en/actions/security-guides/security-...

  • harden-runner

    Network egress filtering and runtime security for GitHub-hosted and self-hosted runners

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.