This pipeline will proactively report the status of the project (every day and when a push is done to master branch) including critical fields (CI-Tests, Contributors, Dependency-Update-Tool, Webhooks) that are missing while running via OSSF cron jobs.
Important
Also includes a migration from Travis to GitHub Actions
Context
Changes related
It's also possible that some repositories in your organization are already being automatically tracked by OpenSSF in this CSV file via weekly cronjob. One caveat: Automatically tracked projects do not include https://github.com/ossf/scorecard/issues/3438 in their analysis (CI-Tests,Contributors,Dependency-Update-Tool,Webhooks).
Main Changes
This pipeline will proactively report the status of the project (every day and when a push is done to
master
branch) including critical fields (CI-Tests
,Contributors
,Dependency-Update-Tool
,Webhooks
) that are missing while running via OSSF cron jobs.Important
Also includes a migration from Travis to GitHub Actions
Context
Changes related
It's also possible that some repositories in your organization are already being automatically tracked by OpenSSF in this CSV file via weekly cronjob. One caveat: Automatically tracked projects do not include https://github.com/ossf/scorecard/issues/3438 in their analysis (CI-Tests,Contributors,Dependency-Update-Tool,Webhooks).
Source: openssf-scorecard-monitor documentation
Team discussion related
Ref: https://github.com/expressjs/security-wg/issues/2 Report:https://kooltheba.github.io/openssf-scorecard-api-visualizer/#/projects/github.com/jshttp/negotiator/commit/90dd6f9a046fffaf158287cb19eee686d17e7cde
Changelog 39e4f4ae0535123749804b27895266256ad6c549 add OSSF scorecard action by @carpasse