Temporarily suspending Scorecard's cron job

71 views

Skip to first unread message

Azeem Shaikh

unread,

Dec 6, 2022, 12:38:30 PM12/6/22

to OSSF Scorecard dev

Hi all,

We're writing to let you know about an issue discovered in the Scorecard cron job. The cron uses a pool of tokens to scale the number of repositories scanned. Out of an abundance of caution, these tokens are now suspended from use due to potential security implications. We're temporarily suspending Scorecard's cron runs while we re-evaluate how we should scale this in the long term.

What does this mean for users?

Projects can expect to see stale results on https://api.securityscorecards.dev and https://deps.dev. Projects that have scorecard-action installed will continue to see their latest result runs on https://api.securityscorecards.dev.
The public BigQuery table will not be updated in the coming weeks, but users can continue using data from previous weeks.

We apologize for any inconvenience this may cause. If you have any questions, please contact the OpenSSF Scorecard Maintainer team.

Thanks & Regards,

OpenSSF Scorecard Maintainers

Reply all

Reply to author

Forward

0 new messages