ENH: Add OSSF scorecard action to quantify open-source health #7197
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pieper
approved these changes
Aug 28, 2023
jcfr
approved these changes
Aug 28, 2023
There was a problem hiding this comment.
This makes sense, and moving forward we should definitely introduce more badges in the README 👌
The badge currently associated with the README renders like this:
 |
 |
Since the contributed GitHub action has been tested independently in https://securityscorecards.dev/viewer/?uri=github.com/jamesobutler/Slicer, integrating makes sense.
|
Associated GitHub workflow completed ✅ See https://github.com/Slicer/Slicer/actions/runs/6005904413/job/16289500870 
|
|
And score card renders as expected ✔️ See https://securityscorecards.dev/viewer/?uri=github.com/Slicer/Slicer 
|
This was referenced Aug 29, 2023
jcfr
referenced
this pull request
Sep 27, 2023
Qt lupdate threw warnings about unconsumed metadata for lines that had translator's comments (that is exported to the language translation file to provide additonal context for translators) in the same line as the translatable text. For example:
this->SupportedReadFileTypes->InsertNextValue(vtkMRMLTr("vtkMRMLColorTableStorageNode", "MRML Color Table") + " (.ctbl)"); //: file format name
The issue with this is that Qt expects translator comment to be in the previous line like this:
//: File format name
this->SupportedReadFileTypes->InsertNextValue(vtkMRMLTr("vtkMRMLColorTableStorageNode", "MRML Color Table") + " (.ctbl)");
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds the OSSF scorecard action (https://github.com/ossf/scorecard-action) to display open-source health.
Some security engineering groups have requested that open-source repositories should display their OSSF score. Adding this GitHub action will help fulfill their request.
numpyis a major open source repo that has adopted the OSSF score and present the badge on their readme.numpy's full scorecard https://securityscorecards.dev/viewer/?uri=github.com/numpy/numpy reports a 7.5 score.As of right now the Slicer OSSF score is a 5.4 for my fork specifically (this will be slightly different for the Slicer upstream as there are protected branches in the upstream which will give a higher score). You may be able to see the score reported on my branch https://securityscorecards.dev/viewer/?uri=github.com/jamesobutler/Slicer.