Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/pkgsite: FR: add trust signals from deps.dev, OpenSSF #47463

Open
Sajmani opened this issue Jul 29, 2021 · 2 comments
Open

x/pkgsite: FR: add trust signals from deps.dev, OpenSSF #47463

Sajmani opened this issue Jul 29, 2021 · 2 comments

Comments

@Sajmani
Copy link
Contributor

@Sajmani Sajmani commented Jul 29, 2021

I'm posting this as a public issue to get a sense of community interest in this feature request.

What is the URL of the page with the issue?

Any package page, for example: https://pkg.go.dev/cloud.google.com/go/bigtable

What is your user agent?

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36

Screenshot

image

What did you do?

Looked for more information about whether this package is trustworthy.

What did you expect to see?

The deps.dev page for this package has lots of useful information, notably the OpenSSF scorecard:
https://deps.dev/go/cloud.google.com%2Fgo%2Fbigtable/v1.10.1

image

What did you see instead?

We should consider whether pkg.go.dev should display the same info, perhaps fetched via deps.dev's API, if it exposes this.

@gopherbot gopherbot added this to the Unreleased milestone Jul 29, 2021
@julieqiu julieqiu removed this from the Unreleased milestone Jul 29, 2021
@julieqiu julieqiu added this to the pkgsite/unplanned milestone Jul 29, 2021
@c16a
Copy link

@c16a c16a commented Aug 22, 2021

Would it be better if we embedded a link into pkgs.go.dev? Because so far, deps.dev doesn't expose an API.

@Sajmani
Copy link
Contributor Author

@Sajmani Sajmani commented Aug 22, 2021

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants