Skip to content

Add fields for OpenSSF Best Practices Badge, fixes #93 #94

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

Add fields for OpenSSF Best Practices Badge, fixes #93 #94

wants to merge 3 commits into from

Conversation

@david-a-wheeler
Copy link
Contributor

@david-a-wheeler david-a-wheeler commented Sep 25, 2024

No description provided.

@david-a-wheeler
Copy link
Contributor Author

david-a-wheeler commented Sep 25, 2024

Here's my attempt to add support for all (important) OpenSSF Best Practices Badge data to SECURITY-INSIGHTS. Comments welcome. @eddie-knight @SecurityCRob

@david-a-wheeler
Copy link
Contributor Author

david-a-wheeler commented Sep 25, 2024

Note: It might be better if some or all of the "special keys" went to "headers" instead. If so, we'd need to figure out what the current URL is (repo_url or project_url?). The list aof implementation languages should perhaps be an array of strings instead. The current criteria keys could be explicitly listed (for simplicity I didn't do that)... that would be easy to generate with a script.

@david-a-wheeler
Copy link
Contributor Author

david-a-wheeler commented Sep 25, 2024

Also, maybe "license" should be named "license_expression" to make it more obvious what it is.

@david-a-wheeler david-a-wheeler marked this pull request as draft September 25, 2024 14:44
@david-a-wheeler
Copy link
Contributor Author

david-a-wheeler commented Sep 25, 2024

I'm labeling this as draft, I think many keys need to move to headings. I'd love to hear thoughts

@david-a-wheeler
Move project metadata into header.
02e742c 
Signed-off-by: David A. Wheeler <[email protected]>
@david-a-wheeler
Add all OpenSSF badge criteria to its section
c0b8d4d 
This also checks in a small script that can automatically
regenerate this section. The script makes it easier to make
mass changes/updates.

Signed-off-by: David A. Wheeler <[email protected]>
@david-a-wheeler david-a-wheeler marked this pull request as ready for review September 26, 2024 03:00
@david-a-wheeler
Copy link
Contributor Author

david-a-wheeler commented Sep 26, 2024

I think it's ready now, but this needs review. Comments welcome.

@eddie-knight eddie-knight mentioned this pull request Dec 30, 2024
Open
@eddie-knight
Copy link
Contributor

eddie-knight commented Jan 1, 2025

We'll need to continue this discussion in light of the recent changes in the v2 release. The PR linked above might be a good starting point. I'll also make note of this on #93.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@david-a-wheeler @eddie-knight