From 146f0eb1e593b45255f42af251be712869364a78 Mon Sep 17 00:00:00 2001
From: Fred Gan
Date: Wed, 13 Sep 2023 06:47:53 +0800
Subject: [PATCH] :book: Update bestpractices links (#3448)

Signed-off-by: Fred Gan
---
 README.md | 4 ++--
 clients/cii_client.go | 2 +-
 clients/cii_http_client.go | 2 +-
 cron/internal/cii/main.go | 2 +-
 docs/checks.md | 12 ++++++------
 docs/checks/internal/checks.yaml | 12 ++++++------
 6 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/README.md b/README.md
index c5b886ca..b43d91cf 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # OpenSSF Scorecard
 
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/ossf/scorecard/badge)](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard)
-[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/5621/badge)](https://bestpractices.coreinfrastructure.org/projects/5621)
+[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/5621/badge)](https://www.bestpractices.dev/projects/5621)
 ![build](https://github.com/ossf/scorecard/workflows/build/badge.svg?branch=main)
 ![CodeQL](https://github.com/ossf/scorecard/workflows/CodeQL/badge.svg?branch=main)
 [![Go Reference](https://pkg.go.dev/badge/github.com/ossf/scorecard/v4.svg)](https://pkg.go.dev/github.com/ossf/scorecard/v4)
@@ -472,7 +472,7 @@ Name | Description | Risk Level | Token Req
 [Binary-Artifacts](docs/checks.md#binary-artifacts) | Is the project free of checked-in binaries? | High | PAT, GITHUB_TOKEN | Supported |
 [Branch-Protection](docs/checks.md#branch-protection) | Does the project use [Branch Protection](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-protected-branches) ? | High | PAT (`repo` or `repo> public_repo`), GITHUB_TOKEN | Supported (see notes) | certain settings are only supported with a maintainer PAT
 [CI-Tests](docs/checks.md#ci-tests) | Does the project run tests in CI, e.g. [GitHub Actions](https://docs.github.com/en/free-pro-team@latest/actions), [Prow](https://github.com/kubernetes/test-infra/tree/master/prow)? | Low | PAT, GITHUB_TOKEN | Supported
-[CII-Best-Practices](docs/checks.md#cii-best-practices) | Has the project earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org) at the passing, silver, or gold level? | Low | PAT, GITHUB_TOKEN | Validating |
+[CII-Best-Practices](docs/checks.md#cii-best-practices) | Has the project earned an [OpenSSF (formerly CII) Best Practices Badge](https://www.bestpractices.dev) at the passing, silver, or gold level? | Low | PAT, GITHUB_TOKEN | Validating |
 [Code-Review](docs/checks.md#code-review) | Does the project practice code review before code is merged? | High | PAT, GITHUB_TOKEN | Validating |
 [Contributors](docs/checks.md#contributors) | Does the project have contributors from at least two different organizations? | Low | PAT, GITHUB_TOKEN | Validating |
 [Dangerous-Workflow](docs/checks.md#dangerous-workflow) | Does the project avoid dangerous coding patterns in GitHub Action workflows? | Critical | PAT, GITHUB_TOKEN | Unsupported |
diff --git a/clients/cii_client.go b/clients/cii_client.go
index c0f407ee..61f5bc96 100644
--- a/clients/cii_client.go
+++ b/clients/cii_client.go
@@ -34,7 +34,7 @@ const (
 )
 
 // BadgeLevel corresponds to CII-Best-Practices badge levels.
-// https://bestpractices.coreinfrastructure.org/en
+// https://www.bestpractices.dev/en
 type BadgeLevel uint
 
 // String returns a string value for BadgeLevel enum.
diff --git a/clients/cii_http_client.go b/clients/cii_http_client.go
index 3500f63d..4de75327 100644
--- a/clients/cii_http_client.go
+++ b/clients/cii_http_client.go
@@ -49,7 +49,7 @@ func (transport *expBackoffTransport) RoundTrip(req *http.Request) (*http.Respon
 // GetBadgeLevel implements CIIBestPracticesClient.GetBadgeLevel.
 func (client *httpClientCIIBestPractices) GetBadgeLevel(ctx context.Context, uri string) (BadgeLevel, error) {
 	repoURI := fmt.Sprintf("https://%s", uri)
-	url := fmt.Sprintf("https://bestpractices.coreinfrastructure.org/projects.json?url=%s", repoURI)
+	url := fmt.Sprintf("https://www.bestpractices.dev/projects.json?url=%s", repoURI)
 	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
 	if err != nil {
 		return Unknown, fmt.Errorf("error during http.NewRequestWithContext: %w", err)
diff --git a/cron/internal/cii/main.go b/cron/internal/cii/main.go
index 53cea8a3..fa861660 100644
--- a/cron/internal/cii/main.go
+++ b/cron/internal/cii/main.go
@@ -29,7 +29,7 @@ import (
 	"github.com/ossf/scorecard/v4/cron/data"
 )
 
-const ciiBaseURL = "https://bestpractices.coreinfrastructure.org/projects.json"
+const ciiBaseURL = "https://www.bestpractices.dev/projects.json"
 
 type ciiPageResp struct {
 	RepoURL string `json:"repo_url"`
diff --git a/docs/checks.md b/docs/checks.md
index 8f7d5c02..ed52b0c9 100644
--- a/docs/checks.md
+++ b/docs/checks.md
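Review bot: The rewritten `url :=` line in GetBadgeLevel (clients/cii_http_client.go) still splices repoURI into the query string with fmt.Sprintf and no encoding, so a uri value carrying `&`, `#` or whitespace is reinterpreted as part of the request instead of being sent as the `url` parameter; since the line is being touched anyway, encode it: `endpoint := "https://www.bestpractices.dev/projects.json?url=" + url.QueryEscape(repoURI)` and `req, err := http.NewRequestWithContext(ctx, "GET", endpoint, nil)`. Renaming the local is part of the fix, because a variable named `url` shadows the `net/url` package (which this file would need to import if it does not already). The same base URL is duplicated as `ciiBaseURL` in the cron/internal/cii/main.go hunk of this commit; having both refer to one exported constant in the clients package would make the next host migration a single-line change. GetBadgeLevel's body continues past the end of the hunk.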
@@ -165,17 +165,17 @@ If a project's system was not detected and you think it should be, please Risk: `Low` (possibly not following security best practices) -This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/) at the passing, silver, or gold level. +This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://www.bestpractices.dev/) at the passing, silver, or gold level. The OpenSSF Best Practices badge indicates whether or not that the project uses a set of security-focused best development practices for open source software. The check uses the URL for the Git repo and the OpenSSF Best Practices badge API. The OpenSSF Best Practices badge has 3 tiers: passing, silver, and gold. We give -full credit to projects that meet the [gold criteria](https://bestpractices.coreinfrastructure.org/criteria/2), which is a significant achievement for projects and requires multiple developers in the project. +full credit to projects that meet the [gold criteria](https://www.bestpractices.dev/criteria/2), which is a significant achievement for projects and requires multiple developers in the project. Lower scores represent a project that has met the silver criteria, met the passing criteria, or is working to achieve the passing badge, with increasingly more points awarded as more criteria are met. Note that even meeting the passing criteria is a significant achievement. 
-- [gold badge](https://bestpractices.coreinfrastructure.org/criteria/2): 10 -- [silver badge](https://bestpractices.coreinfrastructure.org/criteria/1): 7 -- [passing badge](https://bestpractices.coreinfrastructure.org/criteria/0): 5 +- [gold badge](https://www.bestpractices.dev/criteria/2): 10 +- [silver badge](https://www.bestpractices.dev/criteria/1): 7 +- [passing badge](https://www.bestpractices.dev/criteria/0): 5 - in progress badge: 2 Some of these criteria overlap with other Scorecard checks. @@ -183,7 +183,7 @@ However, note that in those overlapping cases, Scorecard can only report what it **Remediation steps** -- Sign up for the [OpenSSF Best Practices program](https://bestpractices.coreinfrastructure.org/). +- Sign up for the [OpenSSF Best Practices program](https://www.bestpractices.dev/). ## Code-Review diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 6151c64f..2d2fd889 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml 
@@ -263,24 +263,24 @@ checks: description: | Risk: `Low` (possibly not following security best practices) - This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/) at the passing, silver, or gold level. + This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://www.bestpractices.dev/) at the passing, silver, or gold level. The OpenSSF Best Practices badge indicates whether or not that the project uses a set of security-focused best development practices for open source software. The check uses the URL for the Git repo and the OpenSSF Best Practices badge API. The OpenSSF Best Practices badge has 3 tiers: passing, silver, and gold. We give - full credit to projects that meet the [gold criteria](https://bestpractices.coreinfrastructure.org/criteria/2), which is a significant achievement for projects and requires multiple developers in the project. + full credit to projects that meet the [gold criteria](https://www.bestpractices.dev/criteria/2), which is a significant achievement for projects and requires multiple developers in the project. Lower scores represent a project that has met the silver criteria, met the passing criteria, or is working to achieve the passing badge, with increasingly more points awarded as more criteria are met. Note that even meeting the passing criteria is a significant achievement. - - [gold badge](https://bestpractices.coreinfrastructure.org/criteria/2): 10 - - [silver badge](https://bestpractices.coreinfrastructure.org/criteria/1): 7 - - [passing badge](https://bestpractices.coreinfrastructure.org/criteria/0): 5 + - [gold badge](https://www.bestpractices.dev/criteria/2): 10 + - [silver badge](https://www.bestpractices.dev/criteria/1): 7 + - [passing badge](https://www.bestpractices.dev/criteria/0): 5 - in progress badge: 2 Some of these criteria overlap with other Scorecard checks. 
However, note that in those overlapping cases, Scorecard can only report what it can automatically detect, while the OpenSSF Best Practices badge can report on claims and claim justifications from people (this counters false negatives and positives but has the challenge of requiring additional work from people). remediation: - >- - Sign up for the [OpenSSF Best Practices program](https://bestpractices.coreinfrastructure.org/). + Sign up for the [OpenSSF Best Practices program](https://www.bestpractices.dev/). Code-Review: risk: High tags: supply-chain, security, source-code, code-reviews