📖 Update README.md (#976)

* Update README.md

Minor fixes for clarity.

* Update README.md

* Update README.md

Reinstating "Understanding Scorecard Results" paragraph after accidental deletion.

* Update README.md

Delete test phrase ("DELETE THIS")

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
olivekl 2021-09-08 11:22:25 -04:00 committed by GitHub
parent 2b15b1353b
commit 924d4d5da9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -72,7 +72,7 @@ the [checks documentation page](docs/checks.md).
### Authentication
Before running Scorecard, you need to, either:
Before running Scorecard, you need to either:
- [create a GitHub access token](https://docs.github.com/en/free-pro-team@latest/developers/apps/about-apps#personal-access-tokens)
and set it in an environment variable called `GITHUB_AUTH_TOKEN`,
@ -93,8 +93,8 @@ set GITHUB_AUTH_TOKEN=<your access token1>,<your access token2>
```
- create a GitHub App Installations for higher rate-limit quotas. If you have
an installed GitHub App and key file, you can use these three environment
variables, following the commands shown above for your platform.
an installed GitHub App and key file, you can use the three environment
variables below, following the commands shown above for your platform.
```
GITHUB_APP_KEY_PATH=<path to the key file on disk>
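
Review bot: The bullet this hunk rewords still opens with "create a GitHub App Installations", which mixes a singular article with a plural noun. Since the following two lines are being edited anyway, change it to "create a GitHub App installation" in the same pass. The new wording "the three environment variables below" is otherwise clearer than "these three".
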
@ -102,7 +102,7 @@ GITHUB_APP_INSTALLATION_ID=<installation id>
GITHUB_APP_ID=<app id>
```
These can be obtained from the GitHub
These variables can be obtained from the GitHub
[developer settings](https://github.com/settings/apps) page.
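
Review bot: "These variables can be obtained from the GitHub developer settings page" is imprecise, because what the settings page provides is the values, not the variables. Suggest "The values for these variables can be obtained from the GitHub developer settings page." so that a reader knows the app id, installation id and key file are what they are looking for there.
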
@ -116,9 +116,9 @@ The `GITHUB_AUTH_TOKEN` has to be set to a valid [token](#Authentication)
docker run -e GITHUB_AUTH_TOKEN=token gcr.io/openssf/scorecard:stable --show-details --repo=https://github.com/ossf/scorecard
```
### Using repository URL
### Running Scorecards Using a URL
The program can run using just one argument, the URL of the repo:
Scorecards can run using just one argument, the URL of the target repo:
```shell
$ go install github.com/ossf/scorecard/v2@latest
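
Review bot: The new heading and sentence use "Scorecards" ("Running Scorecards Using a URL", "Scorecards can run using just one argument"), while the Authentication section says "Before running Scorecard" and a later heading is "Understanding Scorecard Results". Pick one form of the tool name and use it throughout the README. The heading also drops the word "repository"; "Using a Repository URL" would keep it clear which URL is meant.
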
@ -205,6 +205,7 @@ RESULTS
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
```
### Showing Detailed Results
For more details why a check fails, use the `--show-details` option:
```
@ -238,11 +239,9 @@ RESULTS
|---------|------------------------|--------------------------------|--------------------------------|---------------------------------------------------------------------------|
```
### Using a Package manager
### Running Scorecards Using a Package Manager
scorecard has an option to provide either `--npm` / `--pypi` / `--rubygems`
package name and it would run the checks on the corresponding GitHub source
code.
For projects in the `--npm`, `--pypi`, or `--rubygems` ecosystems, you have the option to run Scorecards using a package manager. Provide the package name to run the checks on the corresponding GitHub source code.
For example:
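
Review bot: The rewritten paragraph describes `--npm`, `--pypi` and `--rubygems` as "ecosystems" and says you can "run Scorecards using a package manager", but these are command-line flags that take a package name, and the checks still run on the corresponding GitHub source code. The removed wording said this more accurately. Suggest something like "For packages published to npm, PyPI or RubyGems, pass the package name with `--npm`, `--pypi` or `--rubygems` and Scorecard runs the checks on the corresponding GitHub source code."
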
@ -292,14 +291,14 @@ Security-Policy: Pass 10
Signed-Releases: Fail 0
```
### Running specific checks
### Running Specific Checks
To use a particular check(s), add the `--checks` argument with a list of check
To run only specific check(s), add the `--checks` argument with a list of check
names.
For example, `--checks=CI-Tests,Code-Review`.
### Understanding Scorecard results
### Understanding Scorecard Results
Each check returns a **Pass / Fail** decision, as well as a confidence score
between **0 and 10**. A confidence of 0 should indicate the check was unable to
@ -315,11 +314,8 @@ These may be specified with the `--format` flag.
## Public Data
If you're only interested in seeing a list of projects with their Scorecard
check results, we publish these results in a
[BigQuery public dataset](https://cloud.google.com/bigquery/public-data).
This data is available in the public BigQuery dataset
We publish a list of projects checked by Scorecards and their results in the
[BigQuery public dataset](https://cloud.google.com/bigquery/public-data)
`openssf:scorecardcron.scorecard`. The latest results are available in the
BigQuery view `openssf:scorecardcron.scorecard_latest`.
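
Review bot: In the new sentence, "the [BigQuery public dataset](https://cloud.google.com/bigquery/public-data)" reads as a link to this specific dataset, but the URL is the general BigQuery public data page. Keep the link on a generic phrase such as "a BigQuery public dataset" and name the dataset `openssf:scorecardcron.scorecard` separately. The sentence also uses "Scorecards" where other sections use "Scorecard".
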
@ -350,7 +346,7 @@ on other source control systems.
## Adding a Scorecard Check
If you'd like to add a check, please see guidance [here](checks/write.md)
If you'd like to add a check, please see guidance [here](checks/write.md).
## Troubleshooting
@ -366,13 +362,13 @@ If you'd like to add a check, please see guidance [here](checks/write.md)
For realtime discussion, you can join the
[#security_scorecards](https://slack.openssf.org/#security_scorecards) slack
channel. Slack requires registration, but the openssf team is open
invitation to anyone to register here. Feel free to come and ask any
channel. The Slack platform requires registration, but the openssf team channel is open
to anyone. Feel free to come and ask any
questions.
## Supportability
Currently, scorecard officially supports OSX and Linux platforms. So, if you are
Currently, scorecard officially supports OSX and Linux platforms. If you are
using a Windows OS you may find issues. Contributions towards supporting Windows
are welcome.
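
Review bot: In the Slack sentence, "the openssf team channel" and "slack channel" should be capitalised as "OpenSSF" and "Slack" now that the line is being rewritten, and "The Slack platform requires registration, but the ... channel is open to anyone" no longer says where to register. In the Supportability paragraph, "scorecard" is lower-case while the rest of the README capitalises the tool name, and "you may find issues" would read better as "you may run into issues".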