
start discussion with ossf/scorecard team to build an initial prototype

Open zachariahcox opened this issue 1 year ago • 4 comments

Goals:

  • new functionality added to scorecard app in a topic branch
  • demonstrate reading from rulesets and repositories APIs to validate at least one best practice
  • demonstrate summarization of those findings into a check that can fail the merge of non-compliant code.

zachariahcox avatar Sep 30 '24 13:09 zachariahcox

We should file a FR here: https://github.com/ossf/scorecard/issues

And join a community meeting to discuss. Apparently the next one is Oct 17th.

@zachariahcox do you have time to pursue this?

TomHennen avatar Oct 15 '24 19:10 TomHennen

Possibly a starting point: https://github.com/ossf/scorecard/issues/3352

adityasaky avatar Oct 15 '24 20:10 adityasaky

Possibly a starting point: ossf/scorecard#3352

Commented there!

TomHennen avatar Oct 16 '24 19:10 TomHennen

FYI I attended the Scorecards meeting today to discuss. Folks are open to it. Notes here https://docs.google.com/document/d/1b6d3CVJLsl7YnTE7ZaZQHdkdYIvuOQ8rzAmvVdypOWM/edit?tab=t.0#heading=h.5r8j0smn6u10

Still TBD is who would do this work. (and actually getting a concrete proposal in place to be agreed on more formally)

TomHennen avatar Oct 17 '24 20:10 TomHennen

They weren't interested in this. In the meantime we created our own prototype.

TomHennen avatar Jun 02 '25 14:06 TomHennen