Clarified that classic personal access tokens, not fine-grained ones, are needed for scorecard to work.
Signed-off-by: Mike Maraya <mmaraya@users.noreply.github.com>
* feat: add information about two factor authentication
Signed-off-by: Joyce Brum <joycebrum@google.com>
* fix: description of 2FA to be more complete
Signed-off-by: Joyce Brum <joycebrum@google.com>
Remove trailing whitespace in README.md and checks.yaml.
Trailing whitespace creates long-term hidden problems, because
in most editors they aren't visible, yet changing them creates
what appear to be spurious changes. They can also create
surprising merge conflicts. Removing them removes the problem
long term.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
* Bugfix: Detect recently created GitHub repositories
Adjust the unweighted score -3 points if they were created in the last
90 days
* Address PR comments
* Address PR comments
* Make log message more urgent
* Add to raw results
* Zero 'Maintained' score if the repo is too new to evaluate
* Update docs
* Update maintained_test.go
* Fix lint error
Fix link to projects.csv in README.md
Remove out of date info on daily cron job from CONTRIBUTING.md and fix
various links.
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
* Create scorecards-analysis.yml
* Update README.md
Move Public Data section
Add placeholders for new installation organization, TODOs for public data section
* Update README.md
Remove outdated public data scoring system paragraph
* Update README.md
Add explanation of Scorecard Action install option and link out
* Update README.md
Add sentence introducing CLI installation section; move all headings down a level for that section
* Update README.md
Fix typo
* Update README.md
Remove comma
* Delete scorecards-analysis.yml file
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Add risk levels to table of Scorecards Checks section; remove lists of each risk level in the Scoring section. (To streamline navigation; keeps the same info but just in shorter format)
Add suggestion of which PAT to set;
Add explanation of why authentication is needed;
Clarify the "either-or" options for authentication;
Add link to GH Installations (please confirm link is correct)
According to https://github.com/apps/lgtm-com
"LGTM is a code analysis platform for identifying vulnerabilities early and preventing
them from reaching production". It's used by `systemd`, `lxc` and a lot of other large
open source projects. The check is
still kind of broken in the sense that it fails to detect
projects where every PR is analyzed by LGTM before getting merged
but it's better than nothing I guess.
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>