setup ossf scorecard reporting for NodeSecure #21

Closed
fraxken opened this issue Feb 24, 2023 · 5 comments · Fixed by #23 or #26
Labels
good first issue Good for newcomers help wanted Extra attention is needed

Comments

@fraxken
Member

fraxken commented Feb 24, 2023

Hello 👋

I think it could be cool to configure and use @UlisesGascon's OpenSSF Scorecard Monitor project to generate a markdown file with all scorecard scores from our org repositories.

See the following ongoing PR for an example: nodejs/security-wg#886

If anyone would like to contribute and help, please do not hesitate.

@fraxken fraxken added good first issue Good for newcomers help wanted Extra attention is needed labels Feb 24, 2023
@UlisesGascon
Contributor

I would love to do it! 🎉

@fraxken
Member Author

fraxken commented Mar 4, 2023

@UlisesGascon If you want to do it, don't hesitate. I was waiting to see if some contributors would take the subject (but no one manifested interest).

@fraxken
Member Author

fraxken commented Mar 17, 2023

@UlisesGascon doesn't seem to work, any idea why? (I ran the workflow myself).

image

@UlisesGascon
Contributor

Let me check. This is the expected output if there are no changes since the last analysis, so there is a bug. I will investigate it.

@UlisesGascon
Contributor

I will do a PR to fix this. There is a typo in the name. This `discovery-orgs: 'nodesecure'` should be the same name as the GitHub login value, in this case `discovery-orgs: 'NodeSecure'`.

The workflow didn't find any scoring for your organization as the OpenSSF Scorecard is case sensitive:

Full Debug log, just in case you want to explore it.

screencapture-github-UlisesGascon-openssf-scorecard-monitor-demo-actions-runs-4454394530-jobs-7823551149-2023-03-18-09_06_47

Note: You can always run the GitHub Action in debug mode. This can provide you with a lot of info, as I added some debug traces too 👍
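
The case mismatch diagnosed in the comment above, as an added example that is not part of the original thread or of the OpenSSF Scorecard Monitor project: a JavaScript check that reads `discovery-orgs` values from workflow text and compares each one with the organization's canonical GitHub login. The workflow fragment, the login list and the function names are constructed for illustration, and support for comma-separated values is an assumption.

```javascript
// Canonical organization logins as GitHub reports them (constructed sample list).
const CANONICAL_LOGINS = ["NodeSecure", "nodejs"];

// Constructed workflow fragment reproducing the misconfiguration from the thread.
const SAMPLE_WORKFLOW = `
jobs:
  security-scoring:
    steps:
      - name: OpenSSF Scorecard Monitor
        with:
          discovery-orgs: 'nodesecure'
`;

// Collect every organization named on a `discovery-orgs:` line.
// Assumption: the value is a bare or quoted string, optionally comma-separated.
function extractDiscoveryOrgs(workflowText) {
  const orgs = [];
  for (const line of workflowText.split(/\r?\n/)) {
    const match = /^\s*discovery-orgs:\s*(.+)$/.exec(line);
    if (!match) continue;
    const value = match[1]
      .replace(/\s+#.*$/, "")             // drop a trailing YAML comment
      .trim()
      .replace(/^(['"])(.*)\1$/, "$2");   // strip matching surrounding quotes
    for (const org of value.split(",")) {
      if (org.trim() !== "") orgs.push(org.trim());
    }
  }
  return orgs;
}

// Compare each configured name with the canonical login, case-sensitively.
function checkOrgCasing(workflowText, canonicalLogins) {
  const byLower = new Map(canonicalLogins.map((l) => [l.toLowerCase(), l]));
  return extractDiscoveryOrgs(workflowText).map((configured) => {
    const expected = byLower.get(configured.toLowerCase()) ?? null;
    let status = "unknown";               // not in the canonical list at all
    if (expected !== null) {
      status = expected === configured ? "ok" : "case-mismatch";
    }
    return { configured, expected, status };
  });
}

for (const r of checkOrgCasing(SAMPLE_WORKFLOW, CANONICAL_LOGINS)) {
  console.log(`${r.status}: '${r.configured}' (expected: ${r.expected})`);
}
```

Run against a real workflow file, a `case-mismatch` result points at the kind of silent empty report seen in this issue.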
