This pipeline will proactively report the status of the project (every day and when a push is done to master branch) including critical fields (CI-Tests, Contributors, Dependency-Update-Tool, Webhooks) that are missing while running via OSSF cron jobs.
Context
Changes related
It's also possible that some repositories in your organization are already being automatically tracked by OpenSSF in this CSV file via weekly cronjob. One caveat: Automatically tracked projects do not include https://github.com/ossf/scorecard/issues/3438 in their analysis (CI-Tests,Contributors,Dependency-Update-Tool,Webhooks).
Main Changes
This pipeline will proactively report the status of the project (every day and when a push is done to
masterbranch) including critical fields (CI-Tests,Contributors,Dependency-Update-Tool,Webhooks) that are missing while running via OSSF cron jobs.Context
Changes related
It's also possible that some repositories in your organization are already being automatically tracked by OpenSSF in this CSV file via weekly cronjob. One caveat: Automatically tracked projects do not include https://github.com/ossf/scorecard/issues/3438 in their analysis (CI-Tests,Contributors,Dependency-Update-Tool,Webhooks).
Source: openssf-scorecard-monitor documentation
Team discussion related
Ref: https://github.com/expressjs/security-wg/issues/2 Report:https://kooltheba.github.io/openssf-scorecard-api-visualizer/#/projects/github.com/jshttp/accepts/commit/f69c19e459bd501e59fb0b1a40b7471bb578113a
Changelog e2cf269312cb716369a7daab5d034f84170ee0d8 add ossf scorecard action by @carpasse