search

ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0
4.39k stars 482 forks source link

Feature scorecard.Run() should take a leveled logging object/interface instead of or alternatively to log level. #4257

Open jeffmendoza opened 1 month ago

jeffmendoza commented 1 month ago

Is your feature request related to a problem? Please describe. Describe the solution you'd like

In order to use structured logging and add additional key/values, scorecard.Run() should take a logger interface (of it's own design) and use that for logging.

I recommend something like this: https://pkg.go.dev/github.com/hashicorp/go-retryablehttp#LeveledLogger That can be implemented by any number of popular loggers, then the calling program can decide what to log or configure the level of the underlying logger.

Describe alternatives you've considered The logging level is good, but still logs in unstructured format

spencerschrock commented 1 month ago

I recommend something like this: https://pkg.go.dev/github.com/hashicorp/go-retryablehttp#LeveledLogger

The standard library also has a structured logging library now too :)

jeffmendoza commented 1 month ago

Looks like the linked interface would work directly with a https://pkg.go.dev/log/slog@go1.22.5#Logger or a https://pkg.go.dev/go.uber.org/zap#SugaredLogger among others.