x/pkgsite: FR: add trust signals from deps.dev, OpenSSF #47463
Labels
FeatureRequest
Issues asking for a new feature that does not need a proposal.
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
pkgsite
Milestone
I'm posting this as a public issue to get a sense of community interest in this feature request.
What is the URL of the page with the issue?
Any package page, for example: https://pkg.go.dev/cloud.google.com/go/bigtable
What is your user agent?
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36
Screenshot
What did you do?
Looked for more information about whether this package is trustworthy.
What did you expect to see?
The deps.dev page for this package has lots of useful information, notably the OpenSSF scorecard:
https://deps.dev/go/cloud.google.com%2Fgo%2Fbigtable/v1.10.1
What did you see instead?
We should consider whether pkg.go.dev should display the same info, perhaps fetched via deps.dev's API, if it exposes this.
The text was updated successfully, but these errors were encountered: