ecosyste-ms / roadmap

Planning and roadmap for future Ecosyste.ms development
GNU Affero General Public License v3.0

OpenSSF Scorecard data #18

Open andrew opened 2 weeks ago

andrew commented 2 weeks ago

I'd like to get the data from https://securityscorecards.dev/ into an ecosyste.ms service so I can do queries across the data and also integrate it into the packages and repos services.

In future we may calculate the scores ourselves as OpenSSF only covers a small percentage of all the most important open source repositories.

JustinGOSSES commented 17 hours ago

Possibly useful for this issue, at least for exploration purposes, is a not-well-advertised prototype OSSF API that pulls in scorecard and some of the other OSSF API results, plus a few additional things like average dependency age and libYears behind: https://riskapi.ashydesert-4ee1f08e.westus3.azurecontainerapps.io/apidocs/

andrew commented 10 hours ago

@JustinGOSSES thanks, I saw this a few weeks ago as well, keeping an eye on it to see what raw data is missing from ecosyste.ms that would be used to make these high-level assessments.