Add Scorecard badge to readme #47443
Conversation
pkozlowski-opensource
added
comp: docs
area: dev-infra
pkozlowski-opensource
added
action: review
devversion
requested review from
josephperrott
and removed request for
devversion
|
@diogoteles08 Can you fix your commit messages scopes? It looks like you have types but not scopes, which is causing our lint check to fail. They're the thing that goes in the (). You can find a list of valid scopes in the CONTRIBUTING.md file. |
|
Sure! Will do that |
Add a new permission to the scorecard job, which is necessary for the badge. Further info can be seen here: https://github.com/ossf/scorecard-action#manual-action-setup
|
Hi! I was able to fix the commit message issues, but seems like I'm getting another error on CircleCI that I don't think was caused by my changes. It says |
|
After consideration and discussing within the team, we determined we actually do not want to include the scorecard badge in our readme as the information is not actionable or inherently useful for our community without a lot of additional understanding and context. |
|
This issue has been automatically locked due to inactivity. Read more about our automatic conversation locking policy. This action has been performed automatically by a bot. |
PR Checklist
Please check if your PR fulfills the following requirements:
PR Type
What kind of change does this PR introduce?
What is the current behavior?
Issue Number: N/A
What is the new behavior?
This PR adds the badge of OpenSSF Scorecard to the README of the project. It's a recent feature, has been adopted by many big projects already and helps showing off your hard work to improve security practices. Badges are especially useful for maintainers, who will be able to assess dependencies at a glance, and adopting it encourages new adopters of Scorecards and help raise the collective level of open source security.
Any doubts or questions please feel free to reach out to me.
Does this PR introduce a breaking change?
Other information