mirror of
https://github.com/ossf/scorecard.git
synced 2024-11-05 05:17:00 +03:00
96452d99ab
* polish some probe yaml definitions Signed-off-by: Spencer Schrock <sschrock@google.com> * update references to probe naming and outcomes now that #3654 is addressed, the naming restrictions can be relaxed. Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>
37 lines
1.9 KiB
YAML
37 lines
1.9 KiB
YAML
# Copyright 2023 OpenSSF Scorecard Authors
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
id: hasRecentCommits
|
|
short: Check whether the project has at least one commit per week over the last 90 days.
|
|
motivation: >
|
|
A project which is not active might not be patched, have its dependencies patched, or be actively tested and used.
|
|
A lack of active maintenance should signal that potential users should investigate further to judge the situation.
|
|
A project may not need further features or maintenance; In this case, the probe results can be disregarded.
|
|
implementation: >
|
|
The implementation checks the number of commits made in the last 90 days by any user type.
|
|
outcome:
|
|
- If the project has commits from the last 90 days, the probe returns one OutcomeTrue with a "commitsWithinThreshold" value which contains the number of commits that the probe found within the threshold. The probe will also return a "lookBackDays" value which is the number of days that the probe includes in its threshold - which is 90.
|
|
- If the project does not have commits in the last 90 days, the probe returns a single OutcomeFalse.
|
|
remediation:
|
|
onOutcome: False
|
|
effort: Low
|
|
text:
|
|
- The only way to remediate this probe is to make contributions to the project, however, some projects have reached a level of maturity that does require further contributions.
|
|
ecosystem:
|
|
languages:
|
|
- all
|
|
clients:
|
|
- github
|
|
- gitlab
|