
Add OSSF scorecard action

Open carpasse opened this issue 1 year ago • 1 comment

Main Changes

This pipeline will proactively report the status of the project (every day and when a push is done to the master branch), including critical fields (CI-Tests, Contributors, Dependency-Update-Tool, Webhooks) that are missing while running via OSSF cron jobs.

Important

Also includes a migration from Travis to GitHub Actions

Context

Changes related

It's also possible that some repositories in your organization are already being automatically tracked by OpenSSF in this CSV file via weekly cronjob. One caveat: Automatically tracked projects do not include https://github.com/ossf/scorecard/issues/3438 in their analysis (CI-Tests, Contributors, Dependency-Update-Tool, Webhooks).

Source: openssf-scorecard-monitor documentation

Team discussion related

Ref: https://github.com/expressjs/security-wg/issues/2
Report: https://kooltheba.github.io/openssf-scorecard-api-visualizer/#/projects/github.com/jshttp/negotiator/commit/cd99945bbb40b2341f46dcc885f046f274919699

Changelog 29576363712022425726c5537950144c928af809 add OSSF scorecard action by @carpasse

carpasse avatar Apr 30 '24 04:04 carpasse
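The workflow file the description refers to is not shown on this page. The following is an added example, not the PR's own file and not code from jshttp/negotiator, of a GitHub Actions workflow that runs Scorecard on the two triggers the description names (a daily schedule and a push to master) and publishes the results, which is what lets the in-repo run cover the checks the OpenSSF weekly cron skips. The file path, the cron time, and the action version tags are assumptions.

```yaml
# .github/workflows/scorecard.yml  (hypothetical path; the PR's real file is not on this page)
name: Scorecard supply-chain security

on:
  # Daily run plus a run on every push to master, as in the PR description.
  schedule:
    - cron: '30 1 * * *'   # assumed time
  push:
    branches: [master]
  # Re-evaluate the Branch-Protection check whenever protection rules change.
  branch_protection_rule:

# Start from read-only; the job below grants only what it needs.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      # OIDC token used when publishing results to the OpenSSF API.
      id-token: write
      # Upload of the SARIF report to the repository's code-scanning tab.
      security-events: write
      # Read access used by the checks that inspect workflow runs and repo contents.
      actions: read
      contents: read

    steps:
      - name: Checkout code
        uses: actions/checkout@v4           # version tag assumed
        with:
          # Do not leave the job token in .git/config for later steps to pick up.
          persist-credentials: false

      - name: Run analysis
        uses: ossf/scorecard-action@v2.3.1  # version tag assumed
        with:
          results_file: results.sarif
          results_format: sarif
          # Publishing from inside the repository is what makes the full check
          # set (including CI-Tests, Contributors, Dependency-Update-Tool and
          # Webhooks, which the external weekly cron omits) show up in the
          # public report. Publishing only works on the default branch.
          publish_results: true

      - name: Upload artifact
        uses: actions/upload-artifact@v4    # version tag assumed
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      - name: Upload to code-scanning
        uses: github/codeql-action/upload-sarif@v3   # version tag assumed
        with:
          sarif_file: results.sarif
```

Two practical caveats: `publish_results` is ignored on non-default branches, so the push trigger must name the branch the repository actually uses as default; and Scorecard's own Pinned-Dependencies check will flag the `@vN` tags above, so in a real repository replace each tag with the full commit SHA of the release you intend to run.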

Coverage Status

coverage: 100.0%. remained the same when pulling 29576363712022425726c5537950144c928af809 on carpasse:add-ossf-scorcard-pipeline into 363a03a9958870132c05ee5945273ffb40d381dd on jshttp:master.

coveralls avatar Apr 30 '24 04:04 coveralls