Review CII Best Practices badge for potential new attributes #1034

Closed
david-a-wheeler opened this issue Sep 16, 2021 · 1 comment
Labels
kind/enhancement New feature or request

Comments

@david-a-wheeler
Contributor

david-a-wheeler commented Sep 16, 2021

Is your feature request related to a problem? Please describe.
The CII Best Practices badge has a number of security-related criteria at 3 levels: passing, silver, and gold. It currently automates some of them, and more might be automatable. It'd be good to review its criteria to see what might be automatable in scorecard. I suspect this would be easier to do after completing #1032.

Describe the solution you'd like
Look at this full list of criteria (all tiers) with details, rationale, and autofill ideas. You may find some of them relatively easy to implement in scorecard. The "autofill" text consists of notes about how this might be done - if you want to see what the BadgeApp actually implements, see the source code of its detectives.

For example:

  • "The information on how to contribute SHOULD include the requirements for acceptable contributions (e.g., a reference to any required coding standard)." [contribution_requirements] - Look for a CONTRIBUTING{,.md,.txt,.html} file.
  • The project MUST enable one or more compiler warning flags, a "safe" language mode, or use a separate "linter" tool to look for code quality errors or common simple mistakes, if there is at least one FLOSS tool that can implement this criterion in the selected language. [warnings] - look for indicators in various config/build files
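A sketch of the two detectives listed above, added here as an example in Go (not code from scorecard or the BadgeApp): it runs over a constructed in-memory snapshot of a repository, and the linter-config and build-file name lists are hypothetical starter sets, not anything the badge project specifies.

```go
package main

import (
	"path"
	"regexp"
)

// RepoFiles is a snapshot of a repository: relative path -> file contents.
type RepoFiles map[string]string

// CONTRIBUTING{,.md,.txt,.html} at the repository root, matched case-insensitively.
var contributingRe = regexp.MustCompile(`(?i)^CONTRIBUTING(\.md|\.txt|\.html)?$`)
// Root-level linter configs (hypothetical starter list) and build files worth
// scanning for compiler warning flags; both lists are assumptions for this sketch.
var linterConfigs = map[string]bool{".golangci.yml": true, ".golangci.yaml": true,
	".eslintrc.json": true, ".pylintrc": true, ".flake8": true, ".clang-tidy": true}
var buildFiles = map[string]bool{"Makefile": true, "CMakeLists.txt": true, "meson.build": true}
var warningFlagRe = regexp.MustCompile(`-W(all|extra|error)\b|/W[34]\b`)

// HasContributionRequirements is the [contribution_requirements] heuristic.
func HasContributionRequirements(files RepoFiles) bool {
	for p := range files {
		if path.Dir(p) == "." && contributingRe.MatchString(path.Base(p)) {
			return true
		}
	}
	return false
}

// WarningsEvidence is the [warnings] heuristic. It returns the root-level file
// that satisfied it ("" if none) so a reviewer can verify the automated answer.
func WarningsEvidence(files RepoFiles) string {
	for p, body := range files {
		base := path.Base(p) // only root-level files count as project-wide evidence
		if path.Dir(p) == "." && (linterConfigs[base] || (buildFiles[base] && warningFlagRe.MatchString(body))) {
			return p
		}
	}
	return ""
}

// SampleRepo is a constructed snapshot, not taken from any real project.
func SampleRepo() RepoFiles {
	return RepoFiles{
		"CONTRIBUTING.md":      "Run gofmt and golangci-lint before opening a PR.",
		"docs/contributing.md": "nested copy: ignored, it is not at the root",
		"Makefile":             "CFLAGS = -O2 -Wall -Wextra -Werror\nall:\n\t$(CC) $(CFLAGS) main.c",
		"src/main.c":           "int main(void) { return 0; }",
	}
}
```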
@david-a-wheeler david-a-wheeler added the kind/enhancement New feature or request label Sep 16, 2021
@github-actions

Stale issue message
