CII Best practices badge addition #5432

Closed
UlisesGascon opened this issue Jun 13, 2023 · 16 comments · Fixed by #6057

Comments

@UlisesGascon
Member

UlisesGascon commented Jun 13, 2023

In order to obtain the silver level (nodejs/security-wg#955) we will need to meet this criteria:

The project repository front page and/or website MUST identify and hyperlink to any achievements, including this best practices badge, within 48 hours of public recognition that the achievement has been attained. (URL required)

It was not possible to be done in the Node README.md (nodejs/node#48427)

I am not very sure where this badge can be added in the website, this is the sample code that is provided.

OpenSSF Best Practices

<a href="https://bestpractices.coreinfrastructure.org/projects/29"><img src="https://bestpractices.coreinfrastructure.org/projects/29/badge"></a>
[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/29/badge)](https://bestpractices.coreinfrastructure.org/projects/29)

Related:

cc: @nodejs/security

@ovflowd
Member

ovflowd commented Jun 13, 2023

I think it's fine to add it here :)

At least I don't mind the extra badge, cc @nodejs/website what y'all think about it?

@mikeesto
Member

Fine by me FWIW. Does it need to be on the home page or could it be on another page?

@RafflesiaKhan

RafflesiaKhan commented Jun 14, 2023

I think it's better to add that after Nodejs(line 1) or add a new section as Badges before License :)

@ovflowd
Member

ovflowd commented Jun 14, 2023

Yeah I also believe it's better fitting on the README rather than the website itself.

@ljharb
Member

ljharb commented Jun 14, 2023

It would be ideal to have it in the repo readme; I'm about to begin an OpenJS Foundation initiative with the goal of having every Foundation project follow these best practices, which include displaying the badge - the website would count, but the repo feels more appropriate to me.

@HinataKah0
Contributor

I also don't mind an extra badge

I checked other projects and I saw the badge is put in README under the project name... IMO it's more appropriate
But it seems there's a consensus of not putting this in the README :)

@ovflowd
Member

ovflowd commented Jun 15, 2023

@UlisesGascon feel free to open a PR against our README. It sounds clear that the Website Team isn't against this.

To be honest, I don't think this falls to the Website Team, since this is an OpenJS initiative (correct me if I'm wrong) and probably the @nodejs/tsc is more interested in knowing we're setting up a badge that will theoretically grant us a certain status.

But again, I think we're fine with proceeding with getting this adopted here :)

@tniessen
Member

> feel free to open a PR against our README

I don't think the website repo's README is what the requirement demands. The only reason for adding the badge is to comply with their demand, not to actually showcase it :)

@ljharb
Member

ljharb commented Jun 15, 2023

oh sorry, i meant the node repo was the more appropriate place to put it.

@RafaelGSS
Member

We should either have it on nodejs/node#README.md or Node.js website to display the badge. Otherwise, the requirements won't be met.

@mhdawson
Member

mhdawson commented Jun 28, 2023

And to make sure everybody on the thread has the context, there were objections to adding it to the node repo README.md in nodejs/node#48427 when @UlisesGascon opened a PR to do that. That is why the request to add it to the Website.

@UlisesGascon
Member Author

@nodejs/website can you help us to progress the initiative? We are submitting the Silver badge currently, and this is a requirement. Maybe we can include it in the footer? Not sure where we can include the badge in the website 🤔

@bmuenzenmeyer
Collaborator

bmuenzenmeyer commented Oct 19, 2023

I had a couple minutes and I mocked up what it would look like on the current site - the footer seems like an okay place to me.

image

But the new proposed layout has vastly streamlined this area of the site and I feel like simply duplicating it in the new footer would be a mistake. If the rest of @nodejs/nodejs-website agrees...

  • I think we should add to the current footer with as little work as possible - we will be throwing that work away.
  • We should engage with @haydenbleasel and @nodejs/ux-and-design to think through what makes the most sense in the proposed design.
    • Potential areas:
      • About page
      • Project governance page (my current preference)
      • Sidebar
image

@ljharb
Member

ljharb commented Oct 19, 2023

Governance is about how decisions are made, not about technical rubrics. Perhaps under "about" or "security reporting"?

@ovflowd
Member

ovflowd commented Oct 19, 2023

Feels right under Security Reporting, yeah.

@bmuenzenmeyer
Collaborator

do we know what content is within the new "Security Reporting" page? if it's just a rename of the current "Security" page, that won't work well - as that's just a link to https://github.com/nodejs/node/security/policy#security
