New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Existing OpenSSF best practices badge isn't added to a scorecard report #4037
Comments
When I run from the command line I see the progress. scorecard --repo JetBrains/intellij-community --checks CII-Best-Practices --format json --show-details | jq
{
"date": "2024-04-30T13:39:01-07:00",
"repo": {
"name": "github.com/JetBrains/intellij-community",
"commit": "01b6876bec945bd06e1e375c9ab65a3f4cceedad"
},
"scorecard": {
"version": "devel",
"commit": "unknown"
},
"score": 2.0,
"checks": [
{
"details": null,
"score": 2,
"reason": "badge detected: InProgress",
"name": "CII-Best-Practices",
"documentation": {
"url": "https://github.com/ossf/scorecard/blob/main/docs/checks.md#cii-best-practices",
"short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge."
}
}
],
"metadata": null
} I believe this is a problem with our weekly scan infrastructure which has been having issues recently. (related #3983) |
I see the same issue with https://github.com/mozilla/neqo which has a badge (https://www.bestpractices.dev/en/projects/8831) |
We were being bad API users so our requests were erroring out. This put the microservice responsible for refreshing the data was in a failure loop. I've submitted a PR to hopefully correct the issue. |
The underlying issue has been fixed. Unfortunately it will take some time to see the fix on your end as both of your repos were already processed for the May 6th weekly run. The value will be correct when re-analyzed during the May 13th run which will be visible to you on May 20th. |
Describe the bug
Report doesn't include info about an existing OpenSSF best practices badge.
Reproduction steps
Steps to reproduce the behavior:
Expected behavior
A badge is taken into account for a score and is mentioned in the report.
Actual behavior
The report says "no effort to earn an OpenSSF best practices badge detected".
Additional context
The reason is presumably that badge app requires an URL to a project with "https" while the scorecard report needs the opposite.
The text was updated successfully, but these errors were encountered: