✨ Separate check from policies for the Vulnerabilities check #1532
Conversation
@laurentsimon -- Overall looks good, just a few nits.
Can you also tighten up the commit messages?
<area>: <what's changing>
<why it's changing>
<footer/signoff>
Great suggestion, but this is not a blocker IMO. We have been following a process for our commits and it is working. We don't stress for sign-off. If we want to bring such changes, can you please create an issue?
do I need to write
same question as above.
what should I add in the footer/signoff?
tell me if the new description is fine or not, thanks.
Sure, that's a larger discussion: #1533
This is more for code hygiene than anything else. Ideally, you can interrogate a commit message and understand exactly why a change happened. Imagine you're debugging a regression and looking through the tree for a code change that was maybe not as innocuous as you expected. Would you prefer to see:
OR
Another example:
OR
Integration tests success for
Given the previous comments from @swinslow , we might want to change all copyright statements to something like:
See Copyright Notices in Open Source Software Projects. I believe the legal requirement for the copyright statement (with the date) ended in the US in 1976 :-).
friendly ping for LGTM.
Thanks @laurentsimon!
Needs more tests for this https://codecov.io/gh/ossf/scorecard/commit/5f9fff3b20ce7eb933978c7a4f9391cb2c9b3d89
checker/raw_results.go: add structure for results
checks/vulnerabilities.go: rewrite for policy separation
checks/raw/vulnerabilities.go: data retrieval
checks/evaluation/vulnerabilities.go: score calculation
pkg/json_raw_results.go: displays the results.
Refactor the Vulnerabilities check by separating the data retrieval and policy (score) evaluation.
This will allow users to create their own policies based on the raw (more structured) results, see https://github.com//issues/1245
No breaking changes.
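The retrieval/policy split the description talks about, as an added Go example that is not scorecard's own code: the type names, the "ID SEVERITY" feed format and the two scoring policies are assumptions made for illustration, showing how a user-supplied policy can score the same raw results differently.

```go
package main

import "strings"

// Vulnerability is one raw finding: data only, no judgement attached.
type Vulnerability struct {
	ID       string // hypothetical advisory identifier
	Severity string // LOW, MEDIUM, HIGH or CRITICAL
}

// RawResults is the structured output of the retrieval step.
type RawResults struct {
	Vulnerabilities []Vulnerability
}

// RetrieveRaw stands in for the data-retrieval half: it parses a constructed
// "ID SEVERITY" feed and records findings without scoring them.
func RetrieveRaw(feed string) RawResults {
	var r RawResults
	for _, line := range strings.Split(strings.TrimSpace(feed), "\n") {
		f := strings.Fields(line)
		if len(f) != 2 {
			continue // skip malformed lines rather than guessing
		}
		r.Vulnerabilities = append(r.Vulnerabilities, Vulnerability{ID: f[0], Severity: f[1]})
	}
	return r
}

// Policy maps raw results to a 0..10 score; users can supply their own.
type Policy func(RawResults) int

// DefaultPolicy loses one point per finding, floored at zero.
func DefaultPolicy(r RawResults) int {
	if s := 10 - len(r.Vulnerabilities); s > 0 {
		return s
	}
	return 0
}

// StrictPolicy fails outright on any HIGH or CRITICAL finding.
func StrictPolicy(r RawResults) int {
	for _, v := range r.Vulnerabilities {
		if v.Severity == "HIGH" || v.Severity == "CRITICAL" {
			return 0
		}
	}
	return DefaultPolicy(r)
}
```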