Merge pull request #51 from ossf/inferno-chromium-patch-2

Add helper hyperlinks for check references.
Abhishek Arya 2020-11-09 19:16:29 -08:00 committed by GitHub
commit 9d18604db8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -74,17 +74,17 @@ The following checks are all run against the target project:
| Name | Description |
|---|---|
| Security-MD | Does the project contain security policies? |
| Security-MD | Does the project contain a [security policy](https://docs.github.com/en/free-pro-team@latest/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository)? |
| Contributors | Does the project have contributors from at least two different organizations? |
| Frozen-Deps | Does the project declare and freeze dependencies? |
| Frozen-Deps | Does the project declare and freeze [dependencies](https://docs.github.com/en/free-pro-team@latest/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)? |
| Signed-Releases | Does the project cryptographically [sign releases](https://wiki.debian.org/Creating%20signed%20GitHub%20releases)? |
| Signed-Tags | Does the project cryptographically sign release tags? |
| Signed-Releases | Does the project cryptographically sign releases? |
| CI-Tests | Does the project run tests in CI? |
| Code-Review | Does the project require code review before code is merged? |
| CII-Best-Practices | Does the project have a CII Best Practices Badge? |
| Pull-Requests | Does the project use Pull Requests for all changes? |
| Fuzzing | Does the project use OSS-Fuzz? |
| SAST | Does the project use static code analysis tools, e.g. CodeQL? |
| CII-Best-Practices | Does the project have a [CII Best Practices Badge](https://bestpractices.coreinfrastructure.org/en)? |
| Pull-Requests | Does the project use Pull Requests for all code changes? |
| Fuzzing | Does the project use [OSS-Fuzz](https://github.com/google/oss-fuzz)? |
| SAST | Does the project use static code analysis tools, e.g. [CodeQL](https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository#enabling-code-scanning-using-actions)? |
| Active | Did the project get any commits and releases in last 90 days? |
To see detailed information on how each check works, see the [check-specific documentation page](checks.md).
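Review bot: The Pull-Requests row changes meaning, not just linking: the new text reads "for all code changes" where the old read "for all changes", which narrows what the check claims to cover, while the commit message only mentions adding hyperlinks. Please confirm that checks.md and the check itself agree with the narrower wording, or move that edit to its own commit. Two smaller points in the same table: the Signed-Releases row is moved above Signed-Tags as well as linked, and it points to a Debian wiki page while Signed-Tags, CI-Tests and Code-Review get no reference at all, so the linked and unlinked rows look inconsistent. The docs.github.com links also embed the `free-pro-team@latest` path segment, which ties them to one docs edition; a shorter canonical form would be less likely to break if the docs site is reorganized.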