Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Scorecard should try to earn a CII Best Practices badge #1032

Closed
david-a-wheeler opened this issue Sep 16, 2021 · 12 comments
Closed

Scorecard should try to earn a CII Best Practices badge #1032

david-a-wheeler opened this issue Sep 16, 2021 · 12 comments
Assignees
Labels
kind/enhancement New feature or request Stale

Comments

@david-a-wheeler
Copy link
Contributor

Is your feature request related to a problem? Please describe.
Scorecard should try to earn a CII Best Practices badge.

Additional context
Both scorecard & the CII Best Practices badge are OpenSSF projects focused on best practices to improve OSS security. They have different approaches and somewhat different criteria, but I think each would be helped by working on the other. I'm the lead of the CII Best Practices badge project, and I'm trying to meet the scorecard criteria (or complain when I think there's a problem). I think it'd be great if scorecard reciprocated.

@github-actions
Copy link

Stale issue message

@naveensrinivasan
Copy link
Member

Not stale.

@david-a-wheeler
Copy link
Contributor Author

Happy to help if you'd like!

@naveensrinivasan
Copy link
Member

Yes,Thank you! What is the process?

@laurentsimon
Copy link
Contributor

I've started the process by clicking "get a badge". Waiting for OSSF to accept the OAuth request.

@david-a-wheeler
Copy link
Contributor Author

david-a-wheeler commented Feb 4, 2022

@laurentsimon - presuming you're logged into GitHub, the "get a badge" click should have gotten you to a list & getting started pretty quickly. If you're hung, something is wrong.

To start you should be able to just go to the best practices home page, click on "Get Your Badge Now!", log in, and tell it the URL of scorecard https://github.com/ossf/scorecard.

What happened? If you're stuck I want to make sure you (& anyone else) gets unstuck :-).

@laurentsimon
Copy link
Contributor

I indeed got a list of repos, but ossf/scorecard does not show up. I think it's because the OAuth does not have the scope to read it, I see "Access request pending" under Installation > Application

@azeemshaikh38
Copy link
Contributor

@justaugustus assigning this to you since you earned Scorecard a CII Best Practices badge (yay, thanks a lot!). We can close this unless you plan on working on this further and want to use this to track your progress.

@justaugustus
Copy link
Member

@justaugustus assigning this to you since you earned Scorecard a CII Best Practices badge (yay, thanks a lot!). We can close this unless you plan on working on this further and want to use this to track your progress.

Will keep this open as there's still a bunch to do! :)

Copy link

github-actions bot commented Nov 5, 2023

This issue is stale because it has been open for 60 days with no activity.

@github-actions github-actions bot added the Stale label Nov 5, 2023
@afmarcum afmarcum moved this to In Progress in Scorecard - NEW Mar 7, 2024
@afmarcum
Copy link
Contributor

afmarcum commented Mar 7, 2024

@justaugustus Scorecard now has a "passing" BP badge. Do we want to continue working toward silver or gold level badges at this time or do we consider this issue done?

@justaugustus
Copy link
Member

Closing this, as leaving it open for all badge levels might be too much.

I'll open additional issues as needed, as part of the "Apply for appropriate status in OpenSSF project lifecycle" task in #4073.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/enhancement New feature or request Stale
Projects
Status: Done
Status: Done
Development

No branches or pull requests

6 participants