Hello,

We are considering using the project inside our company. However, our Security Team asked us do to a review on the project security, using scorecards like https://scorecard.dev/viewer/?uri=github.com/stakater/Reloader and https://deps.dev/go/github.com%2Fstakater%2FReloader

The following seems to be missing:

• No security policy on the project https://github.com/stakater/Reloader/security
• No SAST in the CI/CD (using govulncheck or others tools)
• No signed releases

What do you think about implementing at least the first two mentioned points? It would ease the adoption, especially for companies now taking an interest in supply chain security.

Thanks a lot!

Hi, we have a Reloader Enterprise edition that addresses these points, please send an email to sales@stakater.com if you're interested to hear more