badges · repo-ranger · Apr 23, 2022 · Mar 6, 2022 · Mar 6, 2022 · Mar 22, 2022
diff --git a/services/ossf-scorecard/ossf-scorecard.service.js b/services/ossf-scorecard/ossf-scorecard.service.js
@@ -0,0 +1,55 @@
+import Joi from 'joi'
+import { BaseJsonService } from '../index.js'
+import { colorScale } from '../color-formatters.js'
+
+const schema = Joi.object({
+  score: Joi.number().min(0).required(),
+}).required()
+
+const ossfScorecardColorScale = colorScale(
+  [2, 5, 8, 10],
+  ['red', 'yellow', 'yellowgreen', 'green', 'brightgreen']
+)
+
+export default class OSSFScorecard extends BaseJsonService {
+  static category = 'analysis'
+
+  static route = { base: 'ossf-scorecard', pattern: ':host/:orgName/:repoName' }
+
+  static examples = [
+    {
+      title: 'OSSF-Scorecard Score',
+      namedParams: {
+        host: 'github.com',
+        orgName: 'rohankh532',
+        repoName: 'org-workflow-add',
+      },
+      staticPreview: this.render({ score: '7.5' }),
+    },
+  ]
+
+  static defaultBadgeData = { label: 'score' }
+
+  static render({ score }) {
+    return {
+      message: score,
+      color: ossfScorecardColorScale(score),
+    }
+  }
+
+  async fetch({ host, orgName, repoName }) {
+    return this._requestJson({
+      schema,
+      url: `https://api.securityscorecards.dev/projects/${host}/${orgName}/${repoName}`,
+      errorMessages: {
+        404: 'invalid repo path',
+      },
+    })
+  }
+
+  async handle({ host, orgName, repoName }) {
+    const { score } = await this.fetch({ host, orgName, repoName })
+
+    return this.constructor.render({ score })
+  }
+}
diff --git a/services/ossf-scorecard/ossf-scorecard.tester.js b/services/ossf-scorecard/ossf-scorecard.tester.js
@@ -0,0 +1,25 @@
+import Joi from 'joi'
+import { createServiceTester } from '../tester.js'
+export const t = await createServiceTester()
+
+t.create('score valid')
+  .get('/github.com/rohankh532/org-workflow-add.json')
+  .expectBadge({
+    label: 'score',
+    message: Joi.number().min(0),
+    color: Joi.string().allow(
+      'red',
+      'yellow',
+      'yellowgreen',
+      'green',
+      'brightgreen'
+    ),
+  })
+
+t.create('score ivalid')
+  .get('/github.com/invalid-user/invalid-repo.json')
+  .expectBadge({
+    label: 'score',
+    message: 'invalid repo path',
+    color: 'red',
+  })