Publishing Scorecard data

ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source

https://scorecard.dev

Apache License 2.0

4.27k stars 463 forks source link

Publishing Scorecard data #218

Closed naveensrinivasan closed 3 years ago

naveensrinivasan commented 3 years ago

The cron runs the scorecard data for multiple repositories and it is published via the GCS bucket gs://ossf-scorecards/. It would be easier to consume this data if it can be published into BigQuery and CDN.

naveensrinivasan commented 3 years ago

For example, a use case would be to run scorecard on envoy dependencies and publish it via BigQuery so that the Envoy team can write a query and use this to make decisions on their dependencies. It is much easier to write queries and it also gives the team how their dependencies are progressing over time by just including the date filter via the query.

inferno-chromium commented 3 years ago

Yes definitely agree, we should publish in bigquery. GCS one is just for easy debugging and in case, people just want to pull the database in one big chunk.

azeemshaikh38 commented 3 years ago

Closing this issue. We now have a cron job which regularly populates the public BigQuery dataset openssf.scorecardcron.scorecard.