Remove trailing whitespace in README.md and checks.yaml.
Trailing whitespace creates long-term hidden problems, because
in most editors they aren't visible, yet changing them creates
what appear to be spurious changes. They can also create
surprising merge conflicts. Removing them removes the problem
long term.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
* Bugfix: Detect recently created Github repositories
Adjust the unweighted score -3 points if they were created in the last
90 days
* Address PR comments
* Address PR comments
* Make log message more urgent
* Add to raw results
* Zero 'Maintained' score if the repo is too new to evaluate
* Update docs
* Update maintained_test.go
* Fix lint error
Fix link to projects.csv in README.md
Remove out of date info on daily cron job from CONTRIBUTING.md and fix
various links.
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
* Create scorecards-analysis.yml
* Update README.md
Move Public Data section
Add placeholders for new installation organization, TODOs for public data section
* Update README.md
Remove outdated public data scoring system paragraph
* Update README.md
Add explanation of Scorecard Action install option and link out
* Update README.md
Add sentence introducing CLI installation section; move all heading down a level for that section
* Update README.md
Fix typo
* Update README.md
Remove comma
* Delete scorecards-analysis.yml file
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Add risk levels to table of Scorecards Checks section; remove lists of each risk level in the Scoring section. (To streamline navigation; keeps the same info but just in shorter format)
Add suggestion of which PAT to set;
Add explanation of why authentication is needed;
Clarity the "either-or" options for authentication;
Add link to GH Installations (please confirm link is correct)
According to https://github.com/apps/lgtm-com
"LGTM is a code analysis platform for identifying vulnerabilities early and preventing
them from reaching production". It's used by `systemd`, `lxc` and a lot of other large
open source projects. The check is
still kind of broken in the sense that it fails to detect
projects where every PR is analyzed by LGTM before getting merged
but it's better than nothing I guess.
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
* Update Install command for version 3
Change v2@latest to v@latest in README.md
* Update install instruction to use GitHub releases
Remove `go install` instructions and replace with instructions to download binary from GitHub releases
* Update install instructions for GOPATH caps
Change gopath to GOPATH
