spdx / ntia-conformance-checker

Check SPDX SBOM for NTIA minimum elements
Apache License 2.0
52 stars 19 forks

Determine Sub-Scores for Scorecard Results of this Repo and Assess if Any Actions Should Be Taken #192

Open jspeed-meyers opened 3 months ago

jspeed-meyers commented 3 months ago

There is now a Scorecard score on the README. I'd be curious to run the tool on this repo and assess what the different sub-scores are. Additionally, I'd be curious if there is anything this project could do to improve the scores and, finally, if any of those possible actions are "worth" it.

jspeed-meyers commented 2 months ago

The results of Scorecard for this repo can be viewed in a UI here.

jspeed-meyers commented 2 months ago

One of the low-hanging fruit appears to be adding a SECURITY.md file. I've done that in PR #195. Feedback welcome.

jspeed-meyers commented 20 hours ago

https://github.com/stacklok/frizbee could be useful for pinning the versions of the GitHub Actions.
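Scorecard's Pinned-Dependencies check flags `uses:` references that point at a mutable tag or branch instead of a full commit SHA. The script below is an added example, not code from this repository or from frizbee; it scans a workflow file and lists the action references that are not pinned, which is a quick way to see what the check is complaining about before deciding whether the fix is worth it. The embedded workflow is constructed for the example, and the 40-zero SHA in it is a placeholder standing in for a real commit hash.

```python
"""List GitHub Actions `uses:` references that are not pinned to a full commit SHA.

Added example: scans workflow YAML text and reports references such as
`actions/checkout@v4` (mutable tag) as unpinned, while a reference to a
40-character hex commit SHA counts as pinned.
"""
from __future__ import annotations

import re

# Captures the reference after `uses:` on a step line, e.g. `owner/repo@ref`.
# The trailing comment (`# v5`) and quotes are not part of the capture.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)

# A full commit SHA is exactly 40 lowercase hex characters.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow; the all-zero SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@0000000000000000000000000000000000000000  # v5 (placeholder SHA)
      - uses: ./.github/actions/local-step
      - run: pip install . && pytest
"""


def is_pinned(ref: str) -> bool:
    """Return True when `ref` is pinned to a full commit SHA.

    Local actions (`./path`) and `docker://` references are not remote
    repository references, so there is no tag to pin and they are reported as
    pinned (i.e. not flagged).
    """
    if ref.startswith("./") or ref.startswith("docker://"):
        return True
    if "@" not in ref:
        # No version at all: resolves to the default branch, which is mutable.
        return False
    _, version = ref.rsplit("@", 1)
    return bool(SHA_RE.match(version))


def find_unpinned(workflow_yaml: str) -> list[str]:
    """Return every `uses:` reference in the workflow text that is not SHA-pinned."""
    return [ref for ref in USES_RE.findall(workflow_yaml) if not is_pinned(ref)]


if __name__ == "__main__":
    for ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"unpinned action reference: {ref}")
```

Run it against each file under `.github/workflows/` to get the same list Scorecard is scoring; replacing each flagged tag with the commit SHA it currently resolves to (keeping the tag in a trailing comment for readability) is what frizbee automates.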