Add OpenSSF Scorecards GitHub Action #11348

Merged: roidelapluie merged 5 commits into prometheus:main from gabibguti:main on Sep 29, 2023

@gabibguti
Contributor

Closes #11325

As described in the issue, this PR adds the OpenSSF Scorecards GitHub Action, which automatically checks the repo's supply-chain security processes and reports results to the repo's Security dashboard.

I have included some optional settings, but let me know if you would like them removed :)

  • Added the badge to the README.md displaying the project's score. (optional)
  • Added Google's copyright notice to scorecards.yml file. (optional)

beorn7 requested a review from roidelapluie September 27, 2022 13:08

@roidelapluie
Member

Why not running on PRs?

@gabibguti
Contributor Author

> Why not running on PRs?

Scorecards does not fully work on "pull_request" triggers yet. They are working on supporting it. If you allow me, I'd say we wait for the official support.
ossf/scorecard-action#109

@roidelapluie
Member

Thanks!

roidelapluie self-assigned this Jul 11, 2023
gabibguti and others added 5 commits September 29, 2023 13:21
Signed-off-by: Gabriela Gutierrez <[email protected]>
Signed-off-by: Gabriela Gutierrez <[email protected]>
Signed-off-by: Gabriela Gutierrez <[email protected]>
Signed-off-by: Julien Pivotto <[email protected]>
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

roidelapluie merged commit 77bc6b0 into prometheus:main Sep 29, 2023

@roidelapluie
Member

Thanks!
