start discussion with ossf/scorecard team to build an initial prototype #1160

zachariahcox · 2024-09-30T13:39:35Z

Goals:

new functionality added to scorecard app in a topic branch
demonstrate reading from rulesets and repositories APIs to validate at least one best practice
demonstrate summarization of those findings into a check that can fail the merge of non-compliant code.

TomHennen · 2024-10-15T19:46:15Z

And join a community meeting to discuss. Apparently the next one is Oct 17th.

@zachariahcox do you have time to pursue this?

adityasaky · 2024-10-15T20:10:41Z

Possibly a starting point: ossf/scorecard#3352

TomHennen · 2024-10-16T19:13:08Z

Possibly a starting point: ossf/scorecard#3352

Commented there!

TomHennen · 2024-10-17T20:56:01Z

Still TBD is who would do this work. (and actually getting a concrete proposal in place to be agreed on more formally)

zachariahcox added this to SLSA Source Track Sep 23, 2024

zachariahcox converted this from a draft issue Sep 30, 2024

github-project-automation bot added this to Issue triage Sep 30, 2024

github-project-automation bot moved this to 🆕 New in Issue triage Sep 30, 2024

zachariahcox removed the status in SLSA Source Track Sep 30, 2024

zachariahcox moved this to Ready for work! in SLSA Source Track Sep 30, 2024

TomHennen mentioned this issue Oct 16, 2024

Output Scorecard results as in-toto attestation ossf/scorecard#3352

Open

zachariahcox added the source-track label Nov 18, 2024

Provide feedback