Improve Microcks' CLO Monitor score

yada commented 3 months ago

Reason/Context

See: https://www.cncf.io/reports/security-slam-2023/

Microcks has a CLO Monitor score of 68% 🤔 the goal is to be at 100% or close to... 🙌

This will also improve the project's Best Practices Score: https://insights.lfx.linuxfoundation.org/foundation/cncf/overview/best-practice-score?project=microcks&routedFrom=Github&bestPractice=false

Once we achieve our CLO Monitor objective, we'll be in good shape to create a new issue (if still necessary) and aim for a 100% score on insights.lfx.linuxfoundation.org, demonstrating our continuous improvement 🚀

Description

We can check how other projects have achieved 100%: https://clomonitor.io/projects/cncf/kyverno 👉 Thanks for the inspiration on this issue https://clomonitor.io/projects/cncf/k8gb

Or (close to 100%): https://clomonitor.io/projects/cncf/flux-project https://clomonitor.io/projects/cncf/cilium

Implementation ideas

Here is the current list of tasks to fix: https://clomonitor.io/projects/cncf/microcks

CLOMonitor report

Summary

Repository: microcks URL: https://github.com/microcks/microcks Checks sets: COMMUNITY + CODE

Checks passed per category

Documentation

[x] #1203
[x] Changelog (docs) #1202
[x] Code of conduct (docs)
[x] Contributing (docs)
[x] #1214
[x] Maintainers (docs)
[x] Readme (docs)
[x] Roadmap (docs) 👉 https://github.com/microcks/.github/issues/15
[x] #1218
[x] Website (docs)

License

[x] Apache-2.0 (docs)
[x] Approved license (docs)
[x] #1204

Best Practices

[x] #1205
[x] Contributor License Agreement (docs) EXEMPT
[x] #1219
[x] Developer Certificate of Origin (docs)
[x] Github discussions (docs)
[x] #1206
[x] #1208
[x] #1207
[x] Slack precense (docs) EXEMPT

Security

[x] Binary artifacts (docs)
[ ] Code review (docs)
[x] Dangerous workflow (docs)
[x] Dependencies policy (docs)
[x] Dependency update tool (docs)
[x] Maintained (docs)
[ ] Software bill of materials (SBOM) (docs)
[ ] Security insights (docs)
[x] Security policy (docs)
[ ] Signed releases (docs)
[x] Token permissions (docs)

Legal

[x] Trademark disclaimer (docs)

For more information about the check sets available and how each of checks works, please see the CLOMonitor's documentation.

github-actions[bot] commented 3 months ago

👋 @yada

Welcome to the Microcks community! 💖

Thanks and congrats 🎉 for opening your first issue here! Be sure to follow the issue template or please update it accordingly.

📢 If you're using Microcks in your organization, please add your company name to this list. 🙏 It really helps the project to gain momentum and credibility. It's a small contribution back to the project with a big impact.

If you need to know why and how to add yourself to the list, please read the blog post "Join the Microcks Adopters list and Empower the vibrant open source Community 🙌"

Hope you have a great time there!

lbroudoux commented 3 months ago

Roadmap initialized on https://github.com/microcks/.github/issues/15 must be replicated in this repo main branch => We should update GH Action exclusions rules to avoid triggering build on this file update.

yada commented 3 months ago

@lbroudoux same for https://github.com/microcks/.github/blob/main/ADOPTERS.md => We should update GH Action exclusions rules to avoid triggering build on this file update.

yada commented 3 months ago

Starting to have effects 👏

yada commented 3 months ago

Very good progress done so far:

Now we need to focus on some security checks to target 100%, let do it 🙌

github-actions[bot] commented 2 months ago

This issue has been automatically marked as stale because it has not had recent activity :sleeping:

It will be closed in 30 days if no further activity occurs. To unstale this issue, add a comment with a detailed explanation.

There can be many reasons why some specific issue has no activity. The most probable cause is lack of time, not lack of interest. Microcks is a Cloud Native Computing Foundation project not owned by a single for-profit company. It is a community-driven initiative ruled under open governance model.

Let us figure out together how to push this issue forward. Connect with us through one of many communication channels we established here.

Thank you for your patience :heart:

lbroudoux commented 1 month ago

Security just raised to 59 😉

yada commented 2 weeks ago

The score decreased as we added more repos. See: https://github.com/cncf/clomonitor/pull/1571 But this was expected, and we are working on automation to improve it. Ref: https://github.com/microcks/.github/issues/16

yada commented 1 week ago

The overall score for all our repos is back to 70 👍 Still, some improvement is to come.

microcks / microcks