open-sauced / app

🍕 Insights into your entire open source ecosystem.
https://pizza.new
Apache License 2.0

Feature: replace "Spam" column in Repo Workspaces with "OSSF Scorecard" #3841

Closed jpmcb closed 1 month ago

jpmcb commented 1 month ago

Suggested solution

Instead of the "Spam" column in the Workspace Repos:

[image: Workspace Repos table showing the "Spam" column]

We should add an OSSF Scorecard column that tracks the repo's security posture. This will require a small API change to include the OSSF Scorecard result in the v2/repo/:owner/:name/search endpoint.


This ticket is related to: https://github.com/open-sauced/app/pull/3838 which removes the "Spam" column.

github-actions[bot] commented 1 month ago

Thanks for the issue, our team will look into it as soon as possible! If you would like to work on this issue, please wait for us to decide if it's ready. The issue will be ready to work on once we remove the "needs triage" label.

To claim an issue that does not have the "needs triage" label, please leave a comment that says ".take". If you have any questions, please comment on this issue.

For full info on how to contribute, please check out our contributors guide.

jpmcb commented 1 month ago

Ah - looks like it's already included in the endpoint.

Example:

v2/repos/search?page=1&limit=10&range=30&repoIds=599731589%2C831881376%2C754357181%2C758580752%2C611397346

gets called for one of my workspaces (note the list of Repo IDs from the workspace). This payload looks like:

{
    "data": [
        {
            "full_name": "ublue-os/cosmic",
            "ossf_scorecard_total_score": null,
            "ossf_scorecard_dependency_update_score": null,
            "ossf_scorecard_fuzzing_score": null,
            "ossf_scorecard_maintained_score": null,
            "ossf_scorecard_updated_at": "1970-01-01T00:00:00.000Z",
            // etc. etc. other fields for the repo
        },
        // etc. etc., other repos in the workspace
    ],
    "meta": {
        "page": 1,
        "limit": 10,
        "itemCount": 5,
        "pageCount": 1,
        "hasPreviousPage": false,
        "hasNextPage": false
    }
}

cc @brandonroberts - this should be 👍🏼 if you wanna stub something out in https://github.com/open-sauced/app/pull/3838 ?
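The payload quoted above already carries the `ossf_scorecard_*` fields, but a column built on it has to cope with repos that have no scorecard yet (a `null` total and an epoch `ossf_scorecard_updated_at`). The following is an added example, not code from the open-sauced/app repository or from this PR: it types the fields shown in the sample response and derives the cell an "OSSF Scorecard" column would render, treating the epoch timestamp as a "never fetched" sentinel and flagging scorecards older than 30 days as stale. The interface names, the 30-day threshold, the mapping of the per-check fields to Scorecard check names, and the sample repos other than `ublue-os/cosmic` are assumptions made for the example.

```typescript
// Added example (not open-sauced/app code). Models the ossf_scorecard_* fields
// from the v2/repos/search payload and derives an "OSSF Scorecard" column value.

interface RepoSearchItem {
  full_name: string;
  ossf_scorecard_total_score: number | null;
  ossf_scorecard_dependency_update_score: number | null;
  ossf_scorecard_fuzzing_score: number | null;
  ossf_scorecard_maintained_score: number | null;
  ossf_scorecard_updated_at: string;
}

interface RepoSearchPayload {
  data: RepoSearchItem[];
  meta: { page: number; limit: number; itemCount: number; pageCount: number; hasPreviousPage: boolean; hasNextPage: boolean };
}

// The sample payload reports the Unix epoch for a repo with no scorecard.
// Assumption: the epoch is a "never fetched" sentinel, not a real collection time.
const NEVER_FETCHED = "1970-01-01T00:00:00.000Z";

// Assumption: a scorecard older than 30 days is flagged stale so the UI can hint
// that the posture shown may no longer reflect the repo.
const STALE_AFTER_MS = 30 * 24 * 60 * 60 * 1000;

type ScorecardCell =
  | { kind: "unavailable"; text: string }
  | { kind: "score"; total: number; text: string; stale: boolean; lowChecks: string[] };

function scorecardCell(repo: RepoSearchItem, now: Date = new Date()): ScorecardCell {
  const total = repo.ossf_scorecard_total_score;
  const updatedAt = new Date(repo.ossf_scorecard_updated_at);
  // A null total, the sentinel timestamp or an unparseable date all mean "nothing to show".
  if (total === null || repo.ossf_scorecard_updated_at === NEVER_FETCHED || Number.isNaN(updatedAt.getTime())) {
    return { kind: "unavailable", text: "N/A" };
  }
  // Scorecard checks score 0-10. Assumption: the three per-check fields map to these
  // Scorecard check names; surface the ones below 5 so the column can explain a low total.
  const checks: Array<[string, number | null]> = [
    ["Dependency-Update-Tool", repo.ossf_scorecard_dependency_update_score],
    ["Fuzzing", repo.ossf_scorecard_fuzzing_score],
    ["Maintained", repo.ossf_scorecard_maintained_score],
  ];
  const lowChecks = checks.filter(([, s]) => s !== null && s < 5).map(([name]) => name);
  return {
    kind: "score",
    total,
    text: `${total.toFixed(1)} / 10`,
    stale: now.getTime() - updatedAt.getTime() > STALE_AFTER_MS,
    lowChecks,
  };
}

// Workspace-level rollup: how many repos have a scorecard, and which scored lowest.
function summarizeWorkspace(payload: RepoSearchPayload, now: Date = new Date()) {
  let scored = 0;
  let unavailable = 0;
  let lowest: { full_name: string; total: number } | null = null;
  for (const repo of payload.data) {
    const cell = scorecardCell(repo, now);
    if (cell.kind === "unavailable") { unavailable++; continue; }
    scored++;
    if (lowest === null || cell.total < lowest.total) lowest = { full_name: repo.full_name, total: cell.total };
  }
  return { scored, unavailable, lowest };
}

// Constructed sample payload in the shape of the quoted response. The first entry
// mirrors the null-score repo from the issue; the other two repos are made up.
function mk(full_name: string, total: number | null, dep: number | null, fuzz: number | null, maint: number | null, updated: string): RepoSearchItem {
  return {
    full_name,
    ossf_scorecard_total_score: total,
    ossf_scorecard_dependency_update_score: dep,
    ossf_scorecard_fuzzing_score: fuzz,
    ossf_scorecard_maintained_score: maint,
    ossf_scorecard_updated_at: updated,
  };
}

const SAMPLE_PAYLOAD: RepoSearchPayload = {
  data: [
    mk("ublue-os/cosmic", null, null, null, null, NEVER_FETCHED),
    mk("example-org/well-kept", 7.8, 10, 0, 10, "2024-09-01T00:00:00.000Z"),
    mk("example-org/neglected", 3.2, 0, 0, 2, "2024-06-01T00:00:00.000Z"),
  ],
  meta: { page: 1, limit: 10, itemCount: 3, pageCount: 1, hasPreviousPage: false, hasNextPage: false },
};

// Fixed "now" so staleness is deterministic for the sample.
const AS_OF = new Date("2024-09-10T00:00:00.000Z");

for (const repo of SAMPLE_PAYLOAD.data) {
  console.log(repo.full_name, scorecardCell(repo, AS_OF));
}
console.log(summarizeWorkspace(SAMPLE_PAYLOAD, AS_OF));
```

Rendering the sentinel as "N/A" rather than "0.0 / 10" matters: a repo whose scorecard was never collected is unknown, not failing, and conflating the two would mislead anyone triaging the workspace by the new column.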

brandonroberts commented 1 month ago

Yep, got it

open-sauced[bot] commented 1 month ago

:tada: This issue has been resolved in version 2.50.0-beta.12 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket:

open-sauced[bot] commented 1 month ago

:tada: This issue has been resolved in version 2.50.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: