CI: Report scoring differences for PRs that modify scorecard checks #2462
Assignees
Labels
kind/enhancement
New feature or request
Comments
This was referenced Jul 17, 2023
This was referenced Aug 2, 2023
2 tasks
|
Stale issue message - this issue will be closed in 7 days |
2 tasks
2 tasks
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
As discussed during the 11/17 OpenSSF scorecard meeting, contributor who make changes to scorecard could potentially drastically alter scorecard scores. It should be easier to determine how a change impacts scorecard scores on top projects.
Describe the solution you'd like
Contributions to scorecard should have an easy way to analyze how their branch changes would affect scorecard scoring on a set of repos, and self-reporting this should be part of the pull request guidelines.
Describe alternatives you've considered
One alternative was raised to run this analysis as part of any CI jobs, however, this may exhaust the GitHub API token quota and cause us to get rate limited.
Additional context
@shissam hints that they may have done prior work automating the process of inspecting score diffs for their PRs in this discussion.
The text was updated successfully, but these errors were encountered: