Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

multi-scorecard experiment #4502

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

multi-scorecard experiment #4502

wants to merge 6 commits into from

Conversation

justaugustus
Copy link
Member

@justaugustus justaugustus commented Jan 25, 2025
edited
Loading

THIS IS NOT READY FOR REVIEW

I'm opening this PR to get feedback from CI as I work to integrate this functionality on a feature branch.

What kind of change does this PR introduce?

(Is it a bug fix, feature, docs update, something else?)

What is the current behavior?

Adds the multi-scorecard tool that was featured in @jeffmendoza and my SOSS Fusion talk, "Scorecard at Scale: Old and New Possibilities for Lifting Security on All Repositories": https://sched.co/1hcPq, https://youtu.be/-XZqbO3hGcw?si=eGicz0sjgiIRhol4

What is the new behavior (if this is a feature change)?**

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Special notes for your reviewer

Accompanying subproject PRs: ossf/scorecard-monitor#90, ossf/scorecard-visualizer#453

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

@justaugustus @jeffmendoza
cmd: Initial commit of jeffmendoza/multi-scorecard
417cf57 
Co-authored-by: Jeff Mendoza <jlm@jlm.name>
Signed-off-by: Stephen Augustus <foo@auggie.dev>
@justaugustus justaugustus requested a review from a team as a code owner January 25, 2025 02:51
@justaugustus justaugustus requested review from spencerschrock and raghavkaul and removed request for a team January 25, 2025 02:51
@justaugustus
cmd/multi-scorecard: De-init submodule and keep files
e6ccf20 
Signed-off-by: Stephen Augustus <foo@auggie.dev>
@justaugustus
generated: go mod tidy
d8a7002 
Signed-off-by: Stephen Augustus <foo@auggie.dev>
@justaugustus
cmd/multi-scorecard: Downgrade go-github to v53 for compatibility
f2e1f6b 
Signed-off-by: Stephen Augustus <foo@auggie.dev>
@justaugustus
cmd/multi-scorecard: Update installation command and tool history
a002868 
Signed-off-by: Stephen Augustus <foo@auggie.dev>
This was referenced Jan 25, 2025
Open
Open
@justaugustus
multi-scorecard: Add initial TODOs and workarounds to README
b33c881 
Signed-off-by: Stephen Augustus <foo@auggie.dev>
@justaugustus justaugustus deployed to integration-test January 25, 2025 07:01 — with GitHub Actions Active
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spencerschrock spencerschrock Awaiting requested review from spencerschrock spencerschrock is a code owner automatically assigned from ossf/scorecard-maintainers

@raghavkaul raghavkaul Awaiting requested review from raghavkaul raghavkaul is a code owner automatically assigned from ossf/scorecard-maintainers

At least 1 approving review is required to merge this pull request.

Assignees

@jeffmendoza jeffmendoza

Labels
None yet
Projects
Scorecard - NEW
Status: No status
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@justaugustus @jeffmendoza