Closed Jdubrick closed 5 months ago
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
All modified and coverable lines are covered by tests :white_check_mark:
Comparison is base (
a371b8e
) 52.74% compared to head (994e896
) 52.74%. Report is 2 commits behind head on main.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
I don't have write access to this repo, would one of the approvers be able to merge? Thank you :)
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: amisevsk, AObuchow, ibuziuk, Jdubrick
The full list of commands accepted by this bot can be found here.
The pull request process is described here
What does this PR do?
This PR implements changes to the repository to align us more closely with OpenSSF and CNCF best practices. Below is a summary and explanation of all the changes:
OpenSSF Badges
These badges are displayed in the readme so that anyone can view them and see how the repository is adhering to these practices. The
Best Practices
badge can be filled out and viewed in more detail here.The
Scorecard
badge gives the repository a score based on how secure it is. A summary of that can be found here.Scorecard GitHub Workflow
This is tied to the
Scorecard
badge and is the code scanning aspect of it. This provides vulnerability scanning on the repository and will provide us with information regarding found vulnerabilities. More information about this scanning can be found here.CLOMonitor Exemption
This exemption has been added to every devfile repository as we decided we are not going to implement it.
Contributing
In order to standardize our repositories and adhere to the best practices we should have contributing instructions for anyone who wants to add to this project. The contributing file is the same format as all of the other devfile repositories. For the issues section I included a link to the issues contained in this repository as it looks like you are storing issues there instead of in
devfile/api
.What issues does this PR fix or reference?
fixes https://github.com/devfile/api/issues/1389
Is it tested? How?
All changes were either made to documentation files or by adding new files unrelated to the project function.
PR Checklist
/test v8-devworkspace-operator-e2e, v8-che-happy-path
to trigger)v8-devworkspace-operator-e2e
: DevWorkspace e2e testv8-che-happy-path
: Happy path for verification integration with Che