Feature: Add a check ID to each check #2577

Open
lukehinds opened this issue Jan 3, 2023 · 1 comment · May be fixed by #4021
Labels
kind/enhancement New feature or request

Comments


lukehinds commented Jan 3, 2023

The current API only has a string available for a consumer to match, e.g.

{
      "name": "Dangerous-Workflow",
      "reason": "dangerous workflow patterns detected",
      "details": [
        "Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/integration.yml:45"
      ],
      "documentation": {
        "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns.",
        "url": "https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#dangerous-workflow"
      }
    },

A more easily leveraged approach is to implement a check number. This way people can match against an integer (generally less error-prone than string matching). They can then also easily do things such as implement a list of check numbers they wish to ignore.

I recommend something like:

{
      "id": 1,
      "name": "Binary-Artifacts",
      "score": 10,
      "reason": "no binaries found in the repo",
      "details": null,
      "documentation": {
        "short": "Determines if the project has generated executable (binary) artifacts in the source repository.",
        "url": "https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#binary-artifacts"
      }
    },
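
An added example, not part of the issue or of Scorecard's own code: a consumer-side policy gate that applies an ignore list of integer check IDs and fails closed on entries it cannot identify. The `id` field is the hypothetical one proposed above; the ID values, the `Legacy-Check` entry, and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape shown in the issue. "id" is the proposed
# (hypothetical) field; the third entry has none, as in today's output.
SAMPLE = json.loads("""
[
  {"id": 1, "name": "Binary-Artifacts", "score": 10,
   "reason": "no binaries found in the repo", "details": null},
  {"id": 2, "name": "Dangerous-Workflow", "score": 0,
   "reason": "dangerous workflow patterns detected", "details": []},
  {"name": "Legacy-Check", "score": 3, "reason": "constructed", "details": null}
]
""")


def load_ignore_ids(raw):
    """Validate an ignore list: every entry must be a real int (bool rejected)."""
    ids = set()
    for item in raw:
        if isinstance(item, bool) or not isinstance(item, int):
            raise ValueError(f"ignore entry is not an integer id: {item!r}")
        ids.add(item)
    return ids


def failing_checks(checks, ignore_ids, min_score):
    """Return (failed, unidentified).

    failed: (id, name, score) for checks below min_score that are not ignored.
    unidentified: names of checks with no usable integer id. These can never
    match the ignore list, so a missing id cannot silently waive a finding.
    """
    failed, unidentified = [], []
    for check in checks:
        cid = check.get("id")
        if isinstance(cid, bool) or not isinstance(cid, int):
            unidentified.append(check.get("name"))
            cid = None
        if cid is not None and cid in ignore_ids:
            continue
        score = check.get("score")
        # A missing score is treated as a failure rather than a pass.
        if score is None or score < min_score:
            failed.append((cid, check.get("name"), score))
    return failed, unidentified
```

Rejecting non-integer ignore entries up front keeps a misconfigured list from silently waiving nothing, or the wrong check.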
@github-actions

Stale issue message - this issue will be closed in 7 days

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Sep 25, 2023
@spencerschrock spencerschrock added this to the Structured results milestone Nov 22, 2023
@ashearin ashearin self-assigned this Apr 10, 2024
@ashearin ashearin linked a pull request Apr 10, 2024 that will close this issue
Projects
Status: Review in progress