thoth-station / thamos

A CLI tool and library for communicating with Thoth
http://thoth-station.ninja
GNU General Public License v3.0

Experimental --scoring flag for scorecards metrics #1155

Closed mayaCostantini closed 2 years ago

mayaCostantini commented 2 years ago

Related Issues and Dependencies

Related to https://github.com/thoth-station/core/issues/434 and https://github.com/thoth-station/thamos/issues/1149

This introduces a breaking change

This should yield a new module release

This Pull Request implements

Users can pass the --scoring flag to the thamos advise command to get a summary of metrics about the quality of their dependencies as described by Security Scorecards. The next step would be to aggregate metrics about packages present in Thoth's knowledge base to be able to compare the quality of the user's dependencies to the average dependency quality based on those metrics.

Screenshot from 2022-07-30 12-32-20
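As an added illustration of the kind of summary the flag above describes, here is a stand-alone Python aggregator over OpenSSF Scorecard JSON output. This is example code written for this page, not code from thamos or from this pull request. The only thing taken from Scorecard is its JSON shape (a top-level `score` and a `checks` list of objects with `name` and `score`, where a score of -1 means the check was inconclusive); the three dependency results, the baseline averages standing in for a knowledge-base average, and the 5.0 threshold are constructed sample data.

```python
"""Summarise OpenSSF Scorecard results for a set of dependencies.

Added example, not thamos code. Input follows the JSON that
`scorecard --format json` emits: a top-level "score" and a "checks" list
whose entries carry "name" and "score". A check score of -1 means
"inconclusive" and is excluded from averages. All data below is constructed.
"""
from __future__ import annotations

import json
from statistics import mean
from typing import Dict, List, Optional, Tuple

# Constructed sample: what Scorecard might report for three dependencies.
SAMPLE_RESULTS: Dict[str, str] = {
    "requests": json.dumps({"score": 7.5, "checks": [
        {"name": "Maintained", "score": 10},
        {"name": "Pinned-Dependencies", "score": 5},
        {"name": "Signed-Releases", "score": -1},
    ]}),
    "click": json.dumps({"score": 6.9, "checks": [
        {"name": "Maintained", "score": 8},
        {"name": "Pinned-Dependencies", "score": 3},
        {"name": "Signed-Releases", "score": 10},
    ]}),
    "tinylib": json.dumps({"score": 3.1, "checks": [
        {"name": "Maintained", "score": 0},
        {"name": "Pinned-Dependencies", "score": 10},
        {"name": "Signed-Releases", "score": 0},
    ]}),
}

# Constructed baseline: hypothetical per-check averages across a corpus of
# packages, standing in for the knowledge-base aggregate the PR mentions.
BASELINE: Dict[str, float] = {
    "Maintained": 7.0,
    "Pinned-Dependencies": 4.0,
    "Signed-Releases": 6.0,
}


def parse_scorecard(raw: str) -> Tuple[float, Dict[str, Optional[float]]]:
    """Return (aggregate score, {check name: score or None if inconclusive})."""
    doc = json.loads(raw)
    checks: Dict[str, Optional[float]] = {}
    for check in doc["checks"]:
        score = float(check["score"])
        checks[check["name"]] = None if score < 0 else score
    return float(doc["score"]), checks


def summarise(results: Dict[str, str]) -> dict:
    """Average each check over conclusive scores; count inconclusive ones."""
    per_check: Dict[str, List[float]] = {}
    aggregates: List[float] = []
    inconclusive = 0
    for raw in results.values():
        aggregate, checks = parse_scorecard(raw)
        aggregates.append(aggregate)
        for name, score in checks.items():
            if score is None:
                inconclusive += 1
                continue
            per_check.setdefault(name, []).append(score)
    return {
        "check_averages": {n: round(mean(v), 2) for n, v in per_check.items()},
        "aggregate_average": round(mean(aggregates), 2),
        "inconclusive": inconclusive,
    }


def compare_to_baseline(summary: dict, baseline: Dict[str, float]) -> Dict[str, float]:
    """Signed difference (user average minus baseline) per check present in both."""
    averages = summary["check_averages"]
    return {n: round(averages[n] - b, 2) for n, b in baseline.items() if n in averages}


def low_scoring(results: Dict[str, str], threshold: float = 5.0) -> List[Tuple[str, str, float]]:
    """List (package, check, score) for conclusive checks below the threshold."""
    flagged = []
    for package, raw in results.items():
        _, checks = parse_scorecard(raw)
        for name, score in checks.items():
            if score is not None and score < threshold:
                flagged.append((package, name, score))
    return sorted(flagged)


if __name__ == "__main__":
    s = summarise(SAMPLE_RESULTS)
    print("per-check averages:", s["check_averages"])
    print("delta vs baseline:", compare_to_baseline(s, BASELINE))
    print("below threshold:", low_scoring(SAMPLE_RESULTS))
```

Excluding inconclusive (-1) checks matters: treating them as zero would drag a package's average down for a check Scorecard could not evaluate, which is a different finding from a check that actually failed.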

mayaCostantini commented 2 years ago

Related to #1148

mayaCostantini commented 2 years ago

@harshad16 @KPostOffice ready for review :+1:

goern commented 2 years ago

/lgtm

mayaCostantini commented 2 years ago

@harshad16 ready for review :+1:

sesheta commented 2 years ago

New changes are detected. LGTM label has been removed.

goern commented 2 years ago

/approve

sesheta commented 2 years ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: goern

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
- ~~OWNERS~~ [goern]

Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment

goern commented 2 years ago

@mayaCostantini could you do a tiny asciinema demo for the new output?

mayaCostantini commented 2 years ago

@goern Sure