Feature: Separate check for policy/score evaluation #1245

Closed
laurentsimon opened this issue Nov 12, 2021 · 10 comments
Labels
kind/enhancement New feature or request Stale

Comments

@laurentsimon
Contributor

We need to separate a check from its policy evaluation. This will allow us to return 'raw' results for users to apply arbitrary policies.
The first step is to do the separation within the checks package. Once all checks are migrated, we will create a pkg.RunRawScorecards() and create our default policy (currently the scores) through an additional call.
We will later expose this in the CLI.

@naveensrinivasan
Member

Cool! Is this part of v4 release?

@laurentsimon laurentsimon changed the title Feature: Separate check fr policy/score evaluation Feature: Separate check for policy/score evaluation Nov 12, 2021
@laurentsimon
Contributor Author

Cool! Is this part of v4 release?

No. Just too many checks to migrate :-) v5 or v6.

@azeemshaikh38
Contributor

@laurentsimon assigning to you for now.

@laurentsimon
Contributor Author

cc @richsalz: this is the large blocker that will help us provide more granularity in the results and give us the ability to provide remediation steps for each warning (something that came up in #1500).

@richsalz

Thanks for CC'ing me, @laurentsimon! Have you thought of assigning each check a unique ID, and then allowing command-line flags like --ignore filename:id, as in --ignore .github/workflows/ci.yml:unpinned?

@laurentsimon
Contributor Author

laurentsimon commented Jan 21, 2022

We thought about something along these lines early on. I think we'll achieve what you describe with policies. Once we have the separation of checks vs. policy, we'll be able to apply --ignore .github/workflows/ci.yml:unpinned, and even more expressive policies such as "ignore unpinned action org/name", "ignore unpinned action only if permissions are not write", or "ignore unpinned action in workflow path/file but not unpinned pip install". The file approach works well on simple examples, but is hard to generalize to other use cases like, say, "warn me if a reviewer is not in list X,Y,Z".

We feel the policies will allow flexibility for advanced users, without bloating the CLI arguments. We will have built-in policies, of course.

WDYT?
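
As an added illustration of the separation described in this thread (example code written for this page, not code from the issue or from the scorecard project): a check emits raw findings, and a separate policy step decides what becomes a warning and what the score is, so the --ignore filename:id flag and the "only if permissions are not write" rule are both just policies. The RawFinding type, Policy type, Evaluate function and sample findings are constructed for this example.

```go
package main
import "strings"
// RawFinding is one raw observation a check reports (constructed for this example).
type RawFinding struct {
	ID    string // finding id, e.g. "unpinned"
	File  string // file that produced the finding
	Kind  string // "action" (GitHub Action) or "pip" (pip install)
	Perms string // workflow token permissions observed: "read" or "write"
}
// Policy returns true when a finding should still be reported as a warning.
type Policy func(RawFinding) bool
// IgnoreFileID implements the --ignore filename:id form from the thread.
func IgnoreFileID(spec string) Policy {
	file, id, _ := strings.Cut(spec, ":")
	return func(f RawFinding) bool { return !(f.File == file && f.ID == id) }
}
// IgnoreUnpinnedActionUnlessWrite drops unpinned actions when the workflow lacks write permissions; pip installs stay.
func IgnoreUnpinnedActionUnlessWrite() Policy {
	return func(f RawFinding) bool {
		return !(f.ID == "unpinned" && f.Kind == "action" && f.Perms != "write")
	}
}
// Evaluate keeps findings every policy accepts and scores what remains out of 10 (the default policy).
func Evaluate(findings []RawFinding, policies ...Policy) (kept []RawFinding, score int) {
	for _, f := range findings {
		report := true
		for _, p := range policies {
			report = report && p(f)
		}
		if report {
			kept = append(kept, f)
		}
	}
	if score = 10 - len(kept); score < 0 {
		score = 0
	}
	return kept, score
}
// SampleFindings is constructed input standing in for one raw check run.
func SampleFindings() []RawFinding {
	return []RawFinding{
		{"unpinned", ".github/workflows/ci.yml", "action", "read"},
		{"unpinned", ".github/workflows/ci.yml", "pip", "read"},
		{"unpinned", ".github/workflows/release.yml", "action", "write"},
	}
}
func main() {
	_, score := Evaluate(SampleFindings(), IgnoreFileID(".github/workflows/ci.yml:unpinned"))
	println("score:", score) // 9: both ci.yml findings are ignored
}
```

Swapping the policy for IgnoreUnpinnedActionUnlessWrite keeps the unpinned pip install and the write-permission workflow as warnings while dropping the read-only one, which the file-based flag cannot express.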

@richsalz

Your ideas sound great. (I'm not surprised.)

@laurentsimon
Contributor Author

Glad that it makes sense to you too. Everyone is asking for different exceptions and special cases; policies are the only solution that seemed viable in the end. Let's hope this works.


github-actions bot commented Nov 5, 2023

This issue is stale because it has been open for 60 days with no activity.

@afmarcum afmarcum moved this to Todo in Scorecard - NEW Mar 7, 2024
@spencerschrock
Member

Given the work on structured results, I'm going to mark this issue as obsolete, as that work accomplished the same goal of granularity and custom policies.

@spencerschrock spencerschrock closed this as not planned May 2, 2024
@github-project-automation github-project-automation bot moved this from Todo to Done in Scorecard - NEW May 2, 2024