📖 mark codeApproved and sastToolRunsOnAllCommits as experimental (#4242)

The motivation behind the probes won't change, but I want to reserve the ability to change the probe to return 1 finding per changeset. We've received feedback that being able to see which individual change passes or doesn't pass is helpful. Signed-off-by: Spencer Schrock <sschrock@google.com>
ossf · Jul 15, 2024 · bc30d0f · bc30d0f
1 parent b48bdbf
commit bc30d0f
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/docs/probes.md b/docs/probes.md
@@ -74,7 +74,7 @@ Returns OutcomeNotAvailable if Scorecard cannot fetch the data from the reposito
 
 ## codeApproved
 
-**Lifecycle**: stable
+**Lifecycle**: experimental
 
 **Description**: Check that all recent changesets have been approved by someone who is not the author of the changeset.
 
@@ -549,7 +549,7 @@ If the project does not use a SAST tool, or uses a tool we dont currently detect
 
 ## sastToolRunsOnAllCommits
 
-**Lifecycle**: stable
+**Lifecycle**: experimental
 
 **Description**: Checks that a SAST tool runs on all commits in the projects CI.
 

diff --git a/probes/codeApproved/def.yml b/probes/codeApproved/def.yml
@@ -14,7 +14,7 @@
 
 
 id: codeApproved
-lifecycle: stable
+lifecycle: experimental
 short: Check that all recent changesets have been approved by someone who is not the author of the changeset.
 motivation: >
   To ensure that the review process works, the proposed changes

diff --git a/probes/sastToolRunsOnAllCommits/def.yml b/probes/sastToolRunsOnAllCommits/def.yml
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 id: sastToolRunsOnAllCommits
-lifecycle: stable
+lifecycle: experimental
 short: Checks that a SAST tool runs on all commits in the projects CI.
 motivation: >
   SAST is testing run on source code before the application is run. Using SAST tools can prevent known classes of bugs from being inadvertently introduced in the codebase.