Include OpenSSF scorecard tool #129
npechl wants to merge 3 commits into EVERSE-ResearchSoftware:main from
| "description": "OpenSSF Scorecard is a tool that automatically evaluates the security health of open source projects. It runs checks on best practices like branch protection, dependency management, and code review, then produces a score to help maintainers and users assess project risk.", | ||
| "hasQualityDimension": [ | ||
| { "@id": "dim:Security", "@type": "@id" }, | ||
| { "@id": "dim:Maintainability", "@type": "@id" }, |
| { "@id": "dim:Maintainability", "@type": "@id" }, | |
| { "@id": "dim:maintainability", "@type": "@id" }, |
| "hasQualityDimension": [ | ||
| { "@id": "dim:Security", "@type": "@id" }, | ||
| { "@id": "dim:Maintainability", "@type": "@id" }, | ||
| { "@id": "dim:Sustainability", "@type": "@id" } |
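Review bot: `dim:Security`, the first entry of `hasQualityDimension`, is capitalised the same way as `dim:Maintainability` and `dim:Sustainability`, but the suggestions in this thread lower-case only the latter two. `@id` values are compared case-sensitively, so whichever casing the dimension definitions use, all three entries should follow it; a mixed list means at least one entry cannot match a consistently cased set of definitions.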
| { "@id": "dim:Sustainability", "@type": "@id" } | |
| { "@id": "dim:sustainability", "@type": "@id" } |
The instances are non-capital in the identifiers of dimensions and indicators. I know it's a bit confusing, but I set it up that way and now we should not change the ids :S
| "howToUse": ["CI/CD", "command-line"], | ||
| "isAccessibleForFree": true, | ||
| "license": "https://spdx.org/licenses/Apache-2.0", | ||
| "name": "scorecard", |
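Review bot: `"name": "scorecard"` is a bare lower-case word, while the `description` in the same record calls the tool "OpenSSF Scorecard". Use the full product name here so the entry is recognisable in listings and consistent with its own description.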
| "name": "scorecard", | |
| "name": "OpenSSF Scorecard", |
dgarijo left a comment
Small suggestions. Please have a look
Co-authored-by: Daniel Garijo <dgarijov@gmail.com>
@dgarijo I think validate checks are failing with your suggestions. @vuillaut, @shraddha-bajare, any suggestions on this?
Yes, there is an error in the script.
Just note, though, that most of the tools already included in TechRadar have dimensions in capital letters
Yes, that's an error. We can change it, I think it's not a big deal. They are pointing to the wrong identifiers at the moment. I will sort it out with Thomas
Closes #127.