✨ Support Security-Policy with --local #1822
Codecov Report
@@ Coverage Diff @@
## main #1822 +/- ##
==========================================
+ Coverage 53.53% 56.60% +3.07%
==========================================
Files 73 73
Lines 6695 6697 +2
==========================================
+ Hits 3584 3791 +207
+ Misses 2865 2654 -211
- Partials 246 252 +6
Integration tests success for
LGTM, does this check support local repos? It's downloading the org repo if it exists, so it would return an error when security file is missing with the --local option, no?
That was the behavior before this PR. With this PR, it only looks at the org repo if the
I think the problem was introduced in #1822. This PR declared this check as File-based, even though the checks.yml says it's not (https://github.com/ossf/scorecard/blob/main/docs/checks/internal/checks.yaml#L539). I think we need to make this check not file/commit type.
Discussed offline.
What kind of change does this PR introduce?
(Is it a bug fix, feature, docs update, something else?)
Add localclient support for Security-Policy check.
What is the current behavior?
What is the new behavior (if this is a feature change)?
Which issue(s) this PR fixes
Fixes #1752
Special notes for your reviewer
Does this PR introduce a user-facing change?
For user-facing changes, please add a concise, human-readable release note to the release-note
(In particular, describe what changes users might need to make in their application as a result of this pull request.)