-
Notifications
You must be signed in to change notification settings - Fork 508
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Scorecard should try to earn a CII Best Practices badge #1032
Comments
Stale issue message |
Not stale. |
Happy to help if you'd like! |
Yes,Thank you! What is the process? |
I've started the process by clicking "get a badge". Waiting for OSSF to accept the OAuth request. |
@laurentsimon - presuming you're logged into GitHub, the "get a badge" click should have gotten you to a list & getting started pretty quickly. If you're hung, something is wrong. To start you should be able to just go to the best practices home page, click on "Get Your Badge Now!", log in, and tell it the URL of scorecard https://github.com/ossf/scorecard. What happened? If you're stuck I want to make sure you (& anyone else) gets unstuck :-). |
I indeed got a list of repos, but |
@justaugustus assigning this to you since you earned Scorecard a CII Best Practices badge (yay, thanks a lot!). We can close this unless you plan on working on this further and want to use this to track your progress. |
Will keep this open as there's still a bunch to do! :) |
This issue is stale because it has been open for 60 days with no activity. |
@justaugustus Scorecard now has a "passing" BP badge. Do we want to continue working toward silver or gold level badges at this time or do we consider this issue done? |
Closing this, as leaving it open for all badge levels might be too much. I'll open additional issues as needed, as part of the "Apply for appropriate status in OpenSSF project lifecycle" task in #4073. |
Is your feature request related to a problem? Please describe.
Scorecard should try to earn a CII Best Practices badge.
Additional context
Both scorecard & the CII Best Practices badge are OpenSSF projects focused on best practices to improve OSS security. They have different approaches and somewhat different criteria, but I think each would be helped by working on the other. I'm the lead of the CII Best Practices badge project, and I'm trying to meet the scorecard criteria (or complain when I think there's a problem). I think it'd be great if scorecard reciprocated.
The text was updated successfully, but these errors were encountered: