Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: add OpenSSF Scorecard and Best Practices Badge to README.md #3338

Merged
merged 1 commit into from
Jan 8, 2024
Merged

docs: add OpenSSF Scorecard and Best Practices Badge to README.md #3338

merged 1 commit into from
Jan 8, 2024

Conversation

gregorywaynepower
Copy link
Contributor

@gregorywaynepower gregorywaynepower commented Jan 7, 2024
edited by neteler
Loading

image

neteler
neteler approved these changes Jan 7, 2024
View reviewed changes
Copy link
Member

@neteler neteler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your contribution!

@neteler neteler added the manual Documentation related issues label Jan 7, 2024
@neteler neteler added this to the 8.4.0 milestone Jan 7, 2024
@gregorywaynepower
Copy link
Contributor Author

Thanks for accepting it! Y'all be interested in a pull request implementing the Open Source Security Foundation's Github Action?

@echoix echoix changed the title add openssf Scorecard and Best Practices Badge to README.md docs: add openssf Scorecard and Best Practices Badge to README.md Jan 8, 2024
@echoix
Copy link
Member

echoix commented Jan 8, 2024

Just changed the title to have it categorized in the release notes ;)

@gregorywaynepower
Copy link
Contributor Author

Thanks @echoix for the correction!

@echoix echoix merged commit c670734 into OSGeo:main Jan 8, 2024
20 checks passed
@echoix
Copy link
Member

echoix commented Jan 8, 2024
edited
Loading

And yes, I’d be glad to see a PR for this. Do you know about how much time it runs? And is it triggered on schedule, or per PR? I’ve juste read about the scorecard and is interesting to point out where to improve.

@echoix echoix changed the title docs: add openssf Scorecard and Best Practices Badge to README.md docs: add OpenSSF Scorecard and Best Practices Badge to README.md Jan 8, 2024
@gregorywaynepower
Copy link
Contributor Author

@echoix I haven't spent time benchmarking how long it takes to run, I haven't found it to be a hassle.. The GitHub Action can be set to run on a schedule and on pushes to the repo. Pull Requests are currently experimental. It provides the same checks as the CLI tool, but it also automates configuration of YML files to provide minimum permissions provided by StepSecurity which is pretty snazzy and automates a huge chunk of the Github Action configuration.

I'm currently working on this for QGIS (qgis/QGIS#55748), once I'm done with them I'll have time to work with y'all.

HuidaeCho pushed a commit to HuidaeCho/grass that referenced this pull request Jan 9, 2024
@gregorywaynepower @HuidaeCho
docs: add OpenSSF Scorecard and Best Practices Badge to README.md (OS…
0b16936 
…Geo#3338)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@echoix echoix echoix approved these changes

@neteler neteler neteler approved these changes

Assignees
No one assigned
Labels
manual Documentation related issues markdown
Projects
GRASS GIS Security
Status: Done
Milestone
8.4.0
Development

Successfully merging this pull request may close these issues.
3 participants
@gregorywaynepower @echoix @neteler