Existing OpenSSF best practices badge isn't added to a scorecard report #4037

Closed
yrusskih opened this issue Apr 16, 2024 · 4 comments

@yrusskih

Describe the bug
Report doesn't include info about an existing OpenSSF best practices badge.

Reproduction steps
Steps to reproduce the behavior:

  1. Fill in the data necessary for a badge - https://www.bestpractices.dev/en/projects/8774.
  2. Open OpenSSF Scorecard Report for the project https://securityscorecards.dev/viewer/?uri=github.com/JetBrains/intellij-community.

Expected behavior
A badge is taken into account for a score and is mentioned in the report.

Actual behavior
The report says "no effort to earn an OpenSSF best practices badge detected".

Additional context
The reason is presumably that the badge app requires a URL to a project with "https" while the scorecard report needs the opposite.

@yrusskih yrusskih added the kind/bug Something isn't working label Apr 16, 2024
@spencerschrock
Contributor

When I run from the command line I see the progress.

scorecard --repo JetBrains/intellij-community --checks CII-Best-Practices --format json --show-details | jq
{
  "date": "2024-04-30T13:39:01-07:00",
  "repo": {
    "name": "github.com/JetBrains/intellij-community",
    "commit": "01b6876bec945bd06e1e375c9ab65a3f4cceedad"
  },
  "scorecard": {
    "version": "devel",
    "commit": "unknown"
  },
  "score": 2.0,
  "checks": [
    {
      "details": null,
      "score": 2,
      "reason": "badge detected: InProgress",
      "name": "CII-Best-Practices",
      "documentation": {
        "url": "https://github.com/ossf/scorecard/blob/main/docs/checks.md#cii-best-practices",
        "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge."
      }
    }
  ],
  "metadata": null
}

I believe this is a problem with our weekly scan infrastructure which has been having issues recently. (related #3983)

@larseggert

I see the same issue with https://github.com/mozilla/neqo which has a badge (https://www.bestpractices.dev/en/projects/8831)

@spencerschrock
Contributor

We were being bad API users so our requests were erroring out. This put the microservice responsible for refreshing the data in a failure loop. I've submitted a PR to hopefully correct the issue.

@spencerschrock
Contributor

The underlying issue has been fixed.

Unfortunately it will take some time to see the fix on your end as both of your repos were already processed for the May 6th weekly run. The value will be correct when re-analyzed during the May 13th run which will be visible to you on May 20th.
