Is your feature request related to a problem? Please describe.

The RepoClient interface contains shared functionality between forges. However, when a feature is forge-specific, it becomes difficult to query it without polluting the RepoClient interface. This makes it difficult to support issues (such as #2465) which is a GitHub-specific implementation to a portion of the Security-Policy check.

scorecard/clients/repo_client.go, lines 31 to 35 in 0b9dfb6

Describe the solution you'd like

There should be a way of querying platform-specific values.

Other examples of features we might want to be able to query (although can't yet):

- hasVulnerabilityAlertsEnabled (GitHub link)
- requiring approval for external contributor workflow runs (GitHub, not an API yet, link)

Describe alternatives you've considered

We could add something like ListSecurityPolicies, but that seems short-sighted for this problem. There are other features we'd like to one day query, and we can't add a method for all of them.

We could also "inject" this private reporting as a file, so that we create a fake file which would be detected normally by the current Security-Policy check. This might work for this specific example, but would fail on other features.
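One possible shape for such a query, as an added example that is not part of the original issue or Scorecard's own code: a Go optional interface discovered by type assertion, so the shared RepoClient stays unchanged and no fake file is injected. FeatureQuerier, QueryFeature, the PrivateReporting key, both client types and the single-file SECURITY.md match are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// RepoClient is a hypothetical, cut-down stand-in for the shared interface.
type RepoClient interface{ ListFiles() []string }

// FeatureQuerier is a hypothetical optional interface, implemented only by
// clients whose forge exposes settings with no cross-forge equivalent.
// known=false means "cannot answer" and must not be read as "disabled".
type FeatureQuerier interface {
	QueryFeature(name string) (enabled, known bool)
}

const PrivateReporting = "private-reporting" // hypothetical feature key

type githubClient struct { // constructed sample client, not a real API client
	files    []string
	features map[string]bool
}

func (c githubClient) ListFiles() []string                          { return c.files }
func (c githubClient) QueryFeature(n string) (on, known bool) { on, known = c.features[n]; return }

type otherClient struct{ files []string } // forge without such settings
func (c otherClient) ListFiles() []string { return c.files }

// SecurityPolicyEvidence returns what satisfied the check, or "" if nothing did.
// The file match is simplified to one name for this example.
func SecurityPolicyEvidence(c RepoClient) string {
	for _, f := range c.ListFiles() {
		if strings.EqualFold(f, "SECURITY.md") {
			return "file:" + f
		}
	}
	if q, ok := c.(FeatureQuerier); ok { // forge-specific path, opt-in per client
		if on, known := q.QueryFeature(PrivateReporting); known && on {
			return "feature:" + PrivateReporting
		}
	}
	return ""
}

func main() {
	gh := githubClient{nil, map[string]bool{PrivateReporting: true}}
	fmt.Println(SecurityPolicyEvidence(gh), SecurityPolicyEvidence(otherClient{}))
}
```

The evidence string records whether a file or a forge setting satisfied the check, so a result backed only by a platform feature stays distinguishable in the output.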