setup ossf scorecard reporting for NodeSecure #21

Closed
fraxken opened this issue Feb 24, 2023 · 5 comments · Fixed by #23 or #26
Labels
good first issue Good for newcomers help wanted Extra attention is needed

Comments

@fraxken
Member

fraxken commented Feb 24, 2023

Hello 👋

I think it could be cool to configure and use @UlisesGascon's OpenSSF Scorecard Monitor project to generate a markdown file with all scorecard scores from our org repositories.

See the following ongoing PR for an example: nodejs/security-wg#886

If anyone would like to contribute and help, please do not hesitate.

@fraxken fraxken added good first issue Good for newcomers help wanted Extra attention is needed labels Feb 24, 2023
@UlisesGascon
Contributor

I would love to do it! 🎉

@fraxken
Member Author

fraxken commented Mar 4, 2023

@UlisesGascon If you want to do it, don't hesitate. I was waiting to see if some contributors would take the subject (but no one manifested interest).

@fraxken
Member Author

fraxken commented Mar 17, 2023

@UlisesGascon doesn't seem to work, any idea why? (I ran the workflow myself.)

image

@UlisesGascon
Contributor

Let me check; this is the expected output if there are no changes since the last analysis. So there is a bug, I will investigate it.

@UlisesGascon
Contributor

I will do a PR to fix this. There is a typo in the name. This discovery-orgs: 'nodesecure' should be the same name as the GitHub login value, in this case discovery-orgs: 'NodeSecure'.

The workflow didn't find any scoring for your organization as the OpenSSF Scorecard is case sensitive:

Full Debug log, just in case you want to explore it.

screencapture-github-UlisesGascon-openssf-scorecard-monitor-demo-actions-runs-4454394530-jobs-7823551149-2023-03-18-09_06_47

Note: You can always run the GitHub Action in Debug mode; this can provide you a lot of info, as I added some debug traces too 👍
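
As an added example (not code from this thread or from the OpenSSF Scorecard Monitor project), here is a preflight check that catches the casing mismatch described above before the workflow runs. It assumes `discovery-orgs` is a comma-separated string and that `knownLogins` holds the exact `login` values GitHub reports; the function names and the sample workflow text are hypothetical.

```javascript
// Added example: preflight check for the `discovery-orgs` workflow input.
// Assumptions: the input is a comma-separated string, and `knownLogins`
// holds organization logins exactly as GitHub reports them.

// Pull the raw discovery-orgs value out of workflow YAML text. Line-based,
// so no YAML dependency is needed for this single scalar input.
function extractDiscoveryOrgs(workflowText) {
  const match = workflowText.match(
    /^[ \t]*discovery-orgs:[ \t]*(.+?)[ \t]*(?:#.*)?$/m
  );
  if (!match) return [];
  return match[1]
    .replace(/^['"]|['"]$/g, "") // drop surrounding quotes
    .split(",")
    .map((org) => org.trim())
    .filter(Boolean);
}

// Classify each configured org: exact match, same name with different
// casing (the failure in this thread), or not a known login at all.
function checkOrgCasing(configuredOrgs, knownLogins) {
  const byLower = new Map(
    knownLogins.map((login) => [login.toLowerCase(), login])
  );
  return configuredOrgs.map((org) => {
    const canonical = byLower.get(org.toLowerCase());
    if (canonical === org) return { org, status: "ok" };
    if (canonical) return { org, status: "case-mismatch", expected: canonical };
    return { org, status: "unknown" };
  });
}

// Constructed sample input reproducing the value quoted in this thread.
const sampleWorkflow = `
        with:
          discovery-orgs: 'nodesecure'
`;
const knownLogins = ["NodeSecure"]; // constructed: casing as stated in the thread

function runSample() {
  return checkOrgCasing(extractDiscoveryOrgs(sampleWorkflow), knownLogins);
}

console.log(runSample());
```

A `case-mismatch` result is the situation reported here: the lookup is case sensitive, so the lowercase name returns no scores instead of an error.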
