lower license score alert threshold to 9 (#1411)

When the threshold was introduced, the license check was a boolean check: 0 points for no license, and 10 points with a license. This later changed as covered in ossf/scorecard#1369 As the last point relies on SPDX detection, it's often flaky. Lowering the threshold allows us to still warn if a license isn't detected but not expect perfection. Signed-off-by: Spencer Schrock <sschrock@google.com>
ossf · Jul 23, 2024 · c09630c · c09630c
1 parent cf8594c
commit c09630c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/policies/template.yml b/policies/template.yml
@@ -27,7 +27,7 @@ policies:
       score: 10
       mode: enforced
   License:
-      score: 10
+      score: 9
       mode: enforced
   Pinned-Dependencies:
       score: 10