This pipeline will proactively report the status of the project (every day and when a push is done to master branch) including critical fields (CI-Tests, Contributors, Dependency-Update-Tool, Webhooks) that are missing while running via OSSF cron jobs.
Important
Also includes a migration from Travis to GitHub Actions
Context
Changes related
It's also possible that some repositories in your organization are already being automatically tracked by OpenSSF in this CSV file via weekly cronjob. One caveat: Automatically tracked projects do not include https://github.com/ossf/scorecard/issues/3438 in their analysis (CI-Tests,Contributors,Dependency-Update-Tool,Webhooks).
Main Changes
This pipeline will proactively report the status of the project (every day and when a push is done to
masterbranch) including critical fields (CI-Tests,Contributors,Dependency-Update-Tool,Webhooks) that are missing while running via OSSF cron jobs.Important
Also includes a migration from Travis to GitHub Actions
Context
Changes related
It's also possible that some repositories in your organization are already being automatically tracked by OpenSSF in this CSV file via weekly cronjob. One caveat: Automatically tracked projects do not include https://github.com/ossf/scorecard/issues/3438 in their analysis (CI-Tests,Contributors,Dependency-Update-Tool,Webhooks).
Source: openssf-scorecard-monitor documentation
Team discussion related
Ref: https://github.com/expressjs/security-wg/issues/2 Report:https://kooltheba.github.io/openssf-scorecard-api-visualizer/#/projects/github.com/jshttp/etag/commit/4664b6e53c85a56521076f9c5004dd9626ae10c8
Changelog 39251297d981d488a534dfd44056cae014eced98 add OSSF scorecard action by @carpasse
Important
This pull request relies on and incorporates changes from #32, so it should be merged after it.