Contributing to Security Scorecards!
Thank you for contributing your time and expertise to the Security Scorecards project. This document describes the contribution guidelines for the project.
Note: Before you start contributing, you must read and abide by our Code of Conduct.
Contributing code
Getting started
- Create a GitHub account
- Create a personal access token
- Set up your development environment
Then you can iterate.
Environment Setup
You must install these tools:
- git: For source control
- go: The language Tekton Pipelines is built in. You need go version v1.15 or higher.
Iterating
You can build the project with:
go build .
You can also use go run to iterate without a separate rebuild step:
go run . --repo=<repo>
You can run tests with:
go test .
Adding New Checks
Each check is currently just a function of type CheckFn.
The signature is:
type CheckFn func(c.Checker) CheckResult
Checks are registered in an init function:
func init() {
	// Register the check under the name used to refer to it.
	AllChecks = append(AllChecks, NamedCheck{
		Name: "Code-Review",
		Fn:   DoesCodeReview,
	})
}
Currently only one set of checks can be run. In the future, we'll allow declaring multiple suites and configuring which checks get run.
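The pattern above, from writing a check to registering and running it, shown as an added example that is not code from the Scorecards repository. The Checker and CheckResult types here are simplified stand-ins with assumed fields, and HasSecurityPolicy, RunAll and the file list are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Stand-ins (assumptions), not the project's real types.
type Checker struct {
	Files []string // constructed: file paths in the repository
}
type CheckResult struct {
	Pass       bool
	Confidence int // hypothetical 0-10 scale
}
type CheckFn func(Checker) CheckResult
type NamedCheck struct {
	Name string
	Fn   CheckFn
}

var AllChecks []NamedCheck

// HasSecurityPolicy (hypothetical check) passes when a SECURITY.md is published.
func HasSecurityPolicy(c Checker) CheckResult {
	for _, f := range c.Files {
		switch strings.ToLower(f) {
		case "security.md", ".github/security.md", "docs/security.md":
			return CheckResult{Pass: true, Confidence: 10}
		}
	}
	return CheckResult{Pass: false, Confidence: 10}
}

func init() { // registration, following the pattern described above
	AllChecks = append(AllChecks, NamedCheck{Name: "Has-Security-Policy", Fn: HasSecurityPolicy})
}

// RunAll runs every registered check and returns the results keyed by name.
func RunAll(c Checker) map[string]CheckResult {
	out := map[string]CheckResult{}
	for _, nc := range AllChecks {
		out[nc.Name] = nc.Fn(c)
	}
	return out
}

func main() {
	fmt.Println(RunAll(Checker{Files: []string{"README.md", ".github/SECURITY.md"}}))
}
```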