Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Main Changes
This pipeline will proactively report the status of the project (every day and when a push is done to
master
branch) including critical fields (CI-Tests
,Contributors
,Dependency-Update-Tool
,Webhooks
) that are missing while running via OSSF cron jobs.Important
Also includes a migration from Travis to GitHub Actions
Context
Changes related
It's also possible that some repositories in your organization are already being automatically tracked by OpenSSF in this CSV file via weekly cronjob. One caveat: Automatically tracked projects do not include ossf/scorecard#3438 in their analysis (CI-Tests,Contributors,Dependency-Update-Tool,Webhooks).
Source: openssf-scorecard-monitor documentation
Team discussion related
Ref: expressjs/security-wg#2
Report:https://kooltheba.github.io/openssf-scorecard-api-visualizer/#/projects/github.com/jshttp/etag/commit/4664b6e53c85a56521076f9c5004dd9626ae10c8
Changelog
3925129 add OSSF scorecard action by @carpasse
Important
This pull request relies on and incorporates changes from #32, so it should be merged after it.