DO NOT MERGE THIS - golang staging scheduled #2

Open
wants to merge 1 commit into
base: main

naveensrinivasan
Contributor

This is from this run.
Golang staging scheduled - https://github.com/ossf-tests/scorecard-action/runs/6187072538?check_suite_focus=true

Comparison results with the main branch on the scheduled run.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

},
"tool": {
"driver": {
"name": "Scorecard",
"informationUri": "https://github.com/ossf/scorecard",
"semanticVersion": "4.1.0",
"semanticVersion": "unknown",
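Review bot: The second `semanticVersion` line under `tool.driver` reports "unknown" where the line above it reports "4.1.0", so a SARIF file from this run no longer identifies the Scorecard release that produced it. Consider stamping the version into the Go binary at build time so that results stay attributable to a specific release when the bash and Golang runs are compared.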

this is because we run from HEAD, right?

@azeemshaikh38 azeemshaikh38 left a comment

After discussion with @laurentsimon, a good chunk of the diff here is because bash script is running at Scorecard v4.1.0 while Golang at v4.1.1-0.20220306220811-4b9f0389c6f6.

We need to release a new version of Scorecard. Update scorecard-action (both bash and Golang) to use this new version and then compare the diffs.

@azeemshaikh38

On a separate note, it is not a good sign that our results change so significantly within a minor release. We need better ways to monitor Scorecard quality.

laurentsimon commented May 3, 2022

I'm going to look into the diff this week. From a cursory read, it looks like mostly details were added for checks that don't have files to be reported, like Branch-Protection. (This is something I remember adding when a user complained about lack of info)

I'll keep you posted later this week
