sesheta
commented
2 years ago @mayaCostantini: This issue is currently awaiting triage.
If a refinement session determines this is a relevant issue, it will accept the issue by applying the
triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
mayaCostantini
goern
This issue is part of the following EPIC: https://github.com/thoth-station/core/issues/434
2. Compute metrics for packages present in Thoth's database that will serve as a basis for a global software stack quality score
Taking the example of OSSF Scorecards, we already aggregate this information in prescriptions which are used directly by the adviser. However, the aggregation logic present in prescriptions-refresh-job only updates prescriptions for packages already present in the repository. We could either aggregate Scorecards data for more packages using the OSSF BigQuery dataset or have our own tool that computes Scorecards metrics on a new package release, which could be integrated directly into package-update-job for instance. This would most likely consist in a simple script querying the GitHub API and computing the metrics on the project's last release commit.
Aggregate Scorecards metrics on a new package release using one of the two methods above
For the corresponding ADR proposal on how to aggregate the Scorecard data, see https://github.com/thoth-station/core/pull/439
Next steps: