Add Scorecard badge to readme #47443
@diogoteles08 Can you fix your commit message scopes? It looks like you have types but not scopes, which is causing our lint check to fail. They're the thing that goes in the (). You can find a list of valid scopes in the CONTRIBUTING.md file.
Sure! Will do that
Add a new permission to the scorecard job, which is necessary for the badge. Further info can be seen here: https://github.com/ossf/scorecard-action#manual-action-setup
Hi! I was able to fix the commit message issues, but it seems like I'm getting another error on CircleCI that I don't think was caused by my changes. It says
After consideration and discussing within the team, we determined we actually do not want to include the scorecard badge in our readme as the information is not actionable or inherently useful for our community without a lot of additional understanding and context.
This issue has been automatically locked due to inactivity. Read more about our automatic conversation locking policy. This action has been performed automatically by a bot.
PR Checklist
Please check if your PR fulfills the following requirements:
PR Type
What kind of change does this PR introduce?
What is the current behavior?
Issue Number: N/A
What is the new behavior?
This PR adds the badge of OpenSSF Scorecard to the README of the project. It's a recent feature, has been adopted by many big projects already and helps show off your hard work to improve security practices. Badges are especially useful for maintainers, who will be able to assess dependencies at a glance, and adopting it encourages new adopters of Scorecards and helps raise the collective level of open source security.
Any doubts or questions please feel free to reach out to me.
Does this PR introduce a breaking change?
Other information