mitre / hipcheck

Automatically assess and score software repositories for supply chain risk.
https://mitre.github.io/hipcheck/
Apache License 2.0

Document what a "concerning" contributor means #211

Closed japharl closed 1 month ago

japharl commented 1 month ago

If possible, please define what a "concerning" contributor test means. E.g.

          Failing
                - has concerning contributors
                  733 found, 0 permitted
                  Both - affiliation count 2

Which contributors / why were they (all) flagged? What affiliations were concerning?
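As an added illustration of the kind of per-contributor explanation this issue asks for (which addresses were flagged, on what basis, and how many of them were permitted), the following script runs an affiliation check over a constructed set of commit author and committer emails against a hypothetical policy. It is example code written for this page, not Hipcheck's own implementation or its output format; the domain list, the permitted-address list and the sample commits are all assumptions.

```python
"""Illustrative affiliation check over commit author/committer records.

Added example, not Hipcheck's own code. It produces a found/permitted
summary plus a reason line for every flagged address, using constructed
commits and a hypothetical affiliation policy.
"""
from dataclasses import dataclass

# Constructed sample commits: (author name, author email, committer email).
SAMPLE_COMMITS = [
    ("Alice", "alice@example.org", "alice@example.org"),
    ("Bob", "bob@contractor.example", "bob@contractor.example"),
    ("Carol", "carol@example.org", "carol@example.org"),
    ("Bob", "bob@contractor.example", "alice@example.org"),
    ("Dave", "dave@flagged.example", "dave@flagged.example"),
]

# Hypothetical policy: email domains whose affiliation is treated as
# concerning, and individual addresses explicitly permitted regardless.
CONCERNING_DOMAINS = {"contractor.example", "flagged.example"}
PERMITTED_EMAILS = {"dave@flagged.example"}


@dataclass(frozen=True)
class Flag:
    email: str
    domain: str
    roles: tuple      # roles the address appeared in: "author", "committer"
    permitted: bool   # matched a concerning domain but is on the allowlist


def domain_of(email):
    """Return the lower-cased domain part of an email address."""
    return email.rsplit("@", 1)[-1].lower()


def affiliation_report(commits, concerning_domains, permitted_emails):
    """Return (summary, flags).

    summary counts flagged addresses as found/permitted and says whether the
    check fails (any flagged address not permitted); flags lists each
    flagged address with the reason it matched.
    """
    roles_by_email = {}
    for _name, author, committer in commits:
        roles_by_email.setdefault(author, set()).add("author")
        roles_by_email.setdefault(committer, set()).add("committer")

    flags = []
    for email, roles in sorted(roles_by_email.items()):
        dom = domain_of(email)
        if dom in concerning_domains:
            flags.append(Flag(email, dom, tuple(sorted(roles)),
                              email in permitted_emails))

    found = len(flags)
    permitted = sum(1 for f in flags if f.permitted)
    summary = {"found": found, "permitted": permitted,
               "failing": (found - permitted) > 0}
    return summary, flags


def explain(flags):
    """One human-readable line per flagged address: who, why, and status."""
    lines = []
    for f in flags:
        status = "permitted" if f.permitted else "concerning"
        lines.append(f"{f.email}: domain {f.domain} is {status} "
                     f"(seen as {', '.join(f.roles)})")
    return lines


if __name__ == "__main__":
    summary, flags = affiliation_report(SAMPLE_COMMITS, CONCERNING_DOMAINS,
                                        PERMITTED_EMAILS)
    print(f"{summary['found']} found, {summary['permitted']} permitted, "
          f"failing={summary['failing']}")
    for line in explain(flags):
        print("  " + line)
```

With the constructed input, two addresses match a concerning domain; one of them is permitted by the allowlist, so the check still fails on the remaining one, and the reason lines name the address, the matched domain and whether it appeared as author, committer or both.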

alilleybrinker commented 1 month ago

Thanks for asking! This is documented on the Hipcheck website as part of the Complete Guide to Hipcheck. We do have a goal of improving the clarity of Hipcheck's output, but it's not on the immediate roadmap. I'd guess this would be more of a focus starting around the 3.7 milestone.