
Add OpenSSF Scorecards GitHub Action #11348

Merged
merged 5 commits into from Sep 29, 2023

Conversation

gabibguti
Contributor

Closes #11325

As described in the issue, this PR adds the OpenSSF Scorecards GitHub Action, which automatically checks the repo's supply-chain security processes and reports results to the repo's Security dashboard.

I have included some optional settings, but let me know if you would like them removed :)

  • Added the badge to the README.md displaying the project's score. (optional)
  • Added Google's copyright notice to scorecards.yml file. (optional)

@roidelapluie
Member

Why not running on prs?

@gabibguti
Contributor Author

Why not running on prs?

Scorecards does not fully work on "pull_request" triggers yet. They are working on supporting it. If you allow me, I'd say we wait for the official support.
ossf/scorecard-action#109

@roidelapluie
Member

Thanks!

@roidelapluie roidelapluie self-assigned this Jul 11, 2023
gabibguti and others added 5 commits September 29, 2023 13:21
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@roidelapluie roidelapluie merged commit 77bc6b0 into prometheus:main Sep 29, 2023
21 checks passed
@roidelapluie
Member

Thanks!

Successfully merging this pull request may close these issues.

Add the OpenSSF Scorecard GitHub Action