Add OpenSSF Scorecard #789

Merged
merged 3 commits into from
Jun 12, 2024

Conversation

@jaredfholgate (Member) commented Jun 11, 2024

Overview/Summary

This PR adds the OpenSSF scorecard and associated badge.

This PR fixes/adds/changes/removes

N/A

Breaking Changes

N/A

Testing Evidence

N/A

As part of this Pull Request I have

@jaredfholgate jaredfholgate self-assigned this Jun 11, 2024
@jaredfholgate jaredfholgate marked this pull request as ready for review June 11, 2024 12:56
@jaredfholgate jaredfholgate requested a review from a team as a code owner June 11, 2024 12:56
```yaml
# - you want to enable the Branch-Protection check on a *public* repository, or
# - you are installing Scorecard on a *private* repository
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.
repo_token: ${{ secrets.SCORECARD_TOKEN }}
```
Collaborator

I don't see this secret in the repo?

Also we have branch protection enabled, so how will that work?

@jaredfholgate (Member, Author) Jun 12, 2024

Good question. It ignores this secret if it does not exist. I added it in case we wanted to go down that route, but it doesn't matter that it isn't there.

I added a comment on the work item about this too: https://dev.azure.com/CSUSolEng/Azure%20Landing%20Zones/_workitems/edit/35169#14168293

In summary we need to move away from legacy branch protection rules to using rulesets instead and then we can forget about this secret.
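For readers who want to see where the `repo_token` fragment quoted in the review sits, here is a complete Scorecard workflow in the shape ossf/scorecard-action documents. This is an added example, not the scorecard.yml merged by this PR (that file is not reproduced on this page). The action inputs used (`results_file`, `results_format`, `repo_token`, `publish_results`) and the `persist-credentials` / `retention-days` / `sarif_file` inputs are the ones the respective actions document; the cron slot, the version tags, the workflow name and the OWNER/REPO placeholder in the usage note are assumptions.

```yaml
# Added example (not the file merged in this PR): a Scorecard workflow in the
# shape ossf/scorecard-action documents. Cron slot and version tags are assumptions.
name: Scorecard supply-chain security
on:
  # Re-run when branch protection changes so the Branch-Protection score is refreshed.
  branch_protection_rule:
  schedule:
    - cron: '20 7 * * 2'   # weekly; assumed slot, pick your own
  push:
    branches: [ "main" ]

# Default-deny at the workflow level; the job adds back only what it needs.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # needed to upload the SARIF to code scanning
      id-token: write          # OIDC token used when publish_results is true
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v4   # assumed tag; pin to a commit SHA in a real repo
        with:
          persist-credentials: false   # do not leave the job token behind in .git/config

      - name: "Run analysis"
        uses: ossf/scorecard-action@v2.3.3   # assumed tag; pin to a commit SHA in a real repo
        with:
          results_file: results.sarif
          results_format: sarif
          # Optional "write" PAT. It is only needed to score Branch-Protection on a
          # public repository that still uses legacy branch protection rules, or to
          # run Scorecard on a private repository. If the secret is not defined in the
          # repository, this expression expands to an empty string rather than being
          # omitted (standard GitHub Actions behaviour for unknown secrets).
          repo_token: ${{ secrets.SCORECARD_TOKEN }}
          publish_results: true

      - name: "Upload artifact"
        uses: actions/upload-artifact@v4   # assumed tag
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      - name: "Upload to code-scanning"
        uses: github/codeql-action/upload-sarif@v3   # assumed tag
        with:
          sarif_file: results.sarif
```

Two practical notes. First, Scorecard's own Pinned-Dependencies check flags `uses:` references pinned to a tag rather than a full commit SHA, so a workflow written like the above will lower the very score it publishes until the tags are replaced with SHAs (a tool such as pin-github-action or Dependabot's action updates can maintain them). Second, the badge the PR mentions is ordinary Markdown pointing at the Scorecard API, with OWNER/REPO replaced by the repository's path (placeholder, not this project's actual path): `[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/OWNER/REPO/badge)](https://securityscorecards.dev/viewer/?uri=github.com/OWNER/REPO)`. The badge only shows a score once `publish_results` has run successfully from the default branch.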

Contributor

As discussed on the call with @jaredfholgate, we are good at this point.

@oZakari oZakari merged commit 56e2292 into main Jun 12, 2024
5 checks passed
@oZakari oZakari deleted the add-openssf-scorecard branch June 12, 2024 12:58
oZakari pushed a commit that referenced this pull request Jun 18, 2024
* Create scorecard.yml

* Update README.md
3 participants