📖 Clarify CII-Best-Practices score for each badge (ossf#2313)
* Clarify CII-Best-Practices score for each badge

Signed-off-by: Hugo van Kemenade <hugovk@users.noreply.github.com>

* Clarify CII-Best-Practices score for each badge

Signed-off-by: Hugo van Kemenade <hugovk@users.noreply.github.com>

* Move to checks.yaml and regenerate

Signed-off-by: Hugo van Kemenade <hugovk@users.noreply.github.com>

Signed-off-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
Signed-off-by: nathaniel.wert <nathaniel.wert@kudelskisecurity.com>
hugovk authored and nathaniel.wert committed Nov 28, 2022
1 parent 4d69417 commit f3e4f7b
Showing 2 changed files with 12 additions and 2 deletions.
7 changes: 6 additions & 1 deletion docs/checks.md
Expand Up @@ -161,11 +161,16 @@ which indicates that the project uses a set of security-focused best development
source software. The check uses the URL for the Git repo and the OpenSSF Best Practices badge API.

The OpenSSF Best Practices badge has 3 tiers: passing, silver, and gold. We give
full credit to projects that meet the [passing criteria](https://bestpractices.coreinfrastructure.org/criteria/0), which is a
full credit to projects that meet the [gold criteria](https://bestpractices.coreinfrastructure.org/criteria/2), which is a
significant achievement for many projects. Lower scores represent a project that
is at least working to achieve a badge, with increasingly more points awarded as
more criteria are met.

- [gold badge](https://bestpractices.coreinfrastructure.org/en/criteria/2): 10
- [silver badge](https://bestpractices.coreinfrastructure.org/en/criteria/1): 7
- [passing badge](https://bestpractices.coreinfrastructure.org/en/criteria/0): 5
- in progress badge: 2

To earn the passing badge, the project MUST:

- publish the process for reporting vulnerabilities on the project site
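
Review bot: The new "in progress badge: 2" item is the only entry in the list with no link and no definition, and the unchanged sentence just above it still says points increase "as more criteria are met", which reads as a sliding scale while the list shows four fixed values. Suggest saying what qualifies a project as in progress and whether 2 is a fixed score or a floor. Separately, the four new list links use the "/en/criteria/N" form while the changed prose link uses "/criteria/2"; pick one form so the gold link is not written two ways within a few lines.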
7 changes: 6 additions & 1 deletion docs/checks/internal/checks.yaml
Expand Up @@ -259,11 +259,16 @@ checks:
source software. The check uses the URL for the Git repo and the OpenSSF Best Practices badge API.
The OpenSSF Best Practices badge has 3 tiers: passing, silver, and gold. We give
full credit to projects that meet the [passing criteria](https://bestpractices.coreinfrastructure.org/criteria/0), which is a
full credit to projects that meet the [gold criteria](https://bestpractices.coreinfrastructure.org/criteria/2), which is a
significant achievement for many projects. Lower scores represent a project that
is at least working to achieve a badge, with increasingly more points awarded as
more criteria are met.
- [gold badge](https://bestpractices.coreinfrastructure.org/en/criteria/2): 10
- [silver badge](https://bestpractices.coreinfrastructure.org/en/criteria/1): 7
- [passing badge](https://bestpractices.coreinfrastructure.org/en/criteria/0): 5
- in progress badge: 2
To earn the passing badge, the project MUST:
- publish the process for reporting vulnerabilities on the project site
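
Review bot: The scores 10, 7, 5 and 2 in the added list are literals in the description text, and nothing in this hunk ties them to the values the check returns, so the documentation can drift if the scoring changes. Suggest a comment naming where the values are defined, or a test that compares the documented numbers with the check's output. Because the commit message says docs/checks.md is regenerated from this file, any wording fix to the list (the undefined "in progress" entry, the mixed "/criteria/2" and "/en/criteria/2" link forms) belongs here rather than in the generated Markdown.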