Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add OpenSSF scorecard monitor #13

Merged
merged 3 commits into from
Mar 22, 2024
Merged

feat: add OpenSSF scorecard monitor #13

merged 3 commits into from
Mar 22, 2024

Conversation

inigomarquinez
Copy link
Member

The aim of this pull request is to add the pipeline that runs the OpenSSF scorecard analysis for three organizations (expressjs, pillarjs and jshttpg).

The pull request also creates the folder tools/ossf_scorecard/ to store the data related (database.json, scope.json and the report.md).

I've configured the pipeline to run manually until de @expressjs/security-wg decides the frequency to run it.

This is based on how it was done for the nodejs organization here.

Once merged and the pipeline is executed, it will create a report similar to this one to easily identify the score for each repo in the 3 organizations along with the difference of score with the previous report and how to improve it.

Context

Copy link
Member

@UlisesGascon UlisesGascon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@UlisesGascon UlisesGascon merged commit 1424b27 into expressjs:main Mar 22, 2024
@inigomarquinez inigomarquinez deleted the tools/scorecard-monitor branch March 22, 2024 09:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants