Skip to content

Include OpenSSF scorecard tool #129

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Include OpenSSF scorecard tool #129

wants to merge 3 commits into from

Conversation

@npechl
Copy link
Contributor

@npechl npechl commented Oct 2, 2025

Closes #127.

@npechl npechl marked this pull request as ready for review October 2, 2025 09:03
dgarijo
dgarijo reviewed Oct 2, 2025
View reviewed changes
dgarijo
dgarijo reviewed Oct 2, 2025
View reviewed changes
data/software-tools/openssfscorecard.json
"description": "OpenSSF Scorecard is a tool that automatically evaluates the security health of open source projects. It runs checks on best practices like branch protection, dependency management, and code review, then produces a score to help maintainers and users assess project risk.",
"hasQualityDimension": [
{ "@id": "dim:Security", "@type": "@id" },
{ "@id": "dim:Maintainability", "@type": "@id" },
Copy link
Contributor

@dgarijo dgarijo Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
{ "@id": "dim:Maintainability", "@type": "@id" },
{ "@id": "dim:maintainability", "@type": "@id" },

dgarijo
dgarijo reviewed Oct 2, 2025
View reviewed changes
data/software-tools/openssfscorecard.json
"hasQualityDimension": [
{ "@id": "dim:Security", "@type": "@id" },
{ "@id": "dim:Maintainability", "@type": "@id" },
{ "@id": "dim:Sustainability", "@type": "@id" }
Copy link
Contributor

@dgarijo dgarijo Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
{ "@id": "dim:Sustainability", "@type": "@id" }
{ "@id": "dim:sustainability", "@type": "@id" }

Copy link
Contributor

@dgarijo dgarijo Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the instances are non-capital in the identifiers of dimensions and indicators. I know it's a bit confusing, but I set it up that way and now we should not change the ids :S

dgarijo
dgarijo reviewed Oct 2, 2025
View reviewed changes
data/software-tools/openssfscorecard.json
"howToUse": ["CI/CD", "command-line"],
"isAccessibleForFree": true,
"license": "https://spdx.org/licenses/Apache-2.0",
"name": "scorecard",
Copy link
Contributor

@dgarijo dgarijo Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"name": "scorecard",
"name": "OpenSSF Scorecard",

dgarijo
dgarijo requested changes Oct 2, 2025
View reviewed changes
Copy link
Contributor

@dgarijo dgarijo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small suggestions. Please have a look

@npechl @dgarijo
Update data/software-tools/openssfscorecard.json
aba1b67 
Co-authored-by: Daniel Garijo <dgarijov@gmail.com>
@npechl
Copy link
Contributor Author

npechl commented Oct 2, 2025

@dgarijo I think validate checks are failing with your suggestions.

@vuillaut, @shraddha-bajare, any suggestions on this?

@dgarijo
Copy link
Contributor

dgarijo commented Oct 2, 2025
edited
Loading

Yes, there is an error in the script.
I will open an issue. I have to take action to:

  • Make sure we add the "dim" namespace in the context.
  • The dimensions are in non-capital letters.

@npechl
Copy link
Contributor Author

npechl commented Oct 2, 2025

Just note, though, that most of the tools already included in TechRadar have dimensions in capital letters

@dgarijo
Copy link
Contributor

dgarijo commented Oct 2, 2025

yes, that's an error. We can change it, I think it's not a big deal. They are pointing to the wrong identifiers at the moment. I will sort it out with Thomas

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgarijo dgarijo dgarijo requested changes

@vuillaut vuillaut Awaiting requested review from vuillaut

@shraddha-bajare shraddha-bajare Awaiting requested review from shraddha-bajare

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

OpenSSF tool is missing

2 participants

@npechl @dgarijo