Feature: Probe whether repo has up-to-date CODEOWNERS #3931
Assignees
Labels
check/Contributors
check/Maintained
good first issue
Good for newcomers
kind/enhancement
New feature or request
Comments
raghavkaul
added
kind/enhancement
It may be better to have an "OSPO" focused category for these sort of admin required checks (like Webhooks).
Note: I think this makes an assumption about no external collaborators. I'm guessing the GitHub OSPO didn't have these sort of scenarios. |
|
I'm interested in this issue. I'm here at OpenSSF. |
|
Is there a way to tell whether a repo or org is enforcing org membership for maintainer activities? Maybe the check ignores org membership where it's not enforced. |
|
Duplicate of #1554 (trying to do some issue bookkeeping) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Scorecard should have a probe for whether users in a CODEOWNERS file are still members of the org that the repo belongs to. An up-to-date CODEOWNERS file makes it easier for a contributor to know who can help with a PR or a question about the project. This could use the "Get Organization membership for user" API (which requires a PAT).
Might be a good fit for either the Contributors or Maintained checks.
References:
The text was updated successfully, but these errors were encountered: