Rename CII->OpenSSF Best Practices badge (#2239)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
david-a-wheeler authored Sep 8, 2022
1 parent c665f27 commit da785a2
Showing 3 changed files with 10 additions and 10 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -436,7 +436,7 @@ Name | Description | Risk Level | Token Req
[Binary-Artifacts](docs/checks.md#binary-artifacts) | Is the project free of checked-in binaries? | High | PAT, GITHUB_TOKEN |
[Branch-Protection](docs/checks.md#branch-protection) | Does the project use [Branch Protection](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-protected-branches) ? | High | PAT (`repo` or `repo> public_repo`), GITHUB_TOKEN | certain settings are only supported with a maintainer PAT
[CI-Tests](docs/checks.md#ci-tests) | Does the project run tests in CI, e.g. [GitHub Actions](https://docs.github.com/en/free-pro-team@latest/actions), [Prow](https://github.com/kubernetes/test-infra/tree/master/prow)? | Low | PAT, GITHUB_TOKEN |
[CII-Best-Practices](docs/checks.md#cii-best-practices) | Does the project have a [CII Best Practices Badge](https://bestpractices.coreinfrastructure.org/en)? | Low | PAT, GITHUB_TOKEN |
[CII-Best-Practices](docs/checks.md#cii-best-practices) | Does the project have an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/en)? | Low | PAT, GITHUB_TOKEN |
[Code-Review](docs/checks.md#code-review) | Does the project require code review before code is merged? | High | PAT, GITHUB_TOKEN |
[Contributors](docs/checks.md#contributors) | Does the project have contributors from at least two different organizations? | Low | PAT, GITHUB_TOKEN |
[Dangerous-Workflow](docs/checks.md#dangerous-workflow) | Does the project avoid dangerous coding patterns in GitHub Action workflows? | Critical | PAT, GITHUB_TOKEN |
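
Review bot: The first column of the changed README row still reads `CII-Best-Practices` and still links to `docs/checks.md#cii-best-practices`, so only the description carries the new name. If the check identifier is being kept on purpose so that existing references keep working, say so in the commit message; the "(formerly CII)" wording in the description already helps readers connect the two names.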
8 changes: 4 additions & 4 deletions docs/checks.md
Expand Up @@ -156,11 +156,11 @@ If a project's system was not detected and you think it should be, please

Risk: `Low` (possibly not following security best practices)

This check determines whether the project has earned a [CII Best Practices Badge](https://bestpractices.coreinfrastructure.org/),
This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/),
which indicates that the project uses a set of security-focused best development practices for open
source software. The check uses the URL for the Git repo and the CII API.
source software. The check uses the URL for the Git repo and the OpenSSF Best Practices badge API.

The CII Best Practices badge has 3 tiers: passing, silver, and gold. We give
The OpenSSF Best Practices badge has 3 tiers: passing, silver, and gold. We give
full credit to projects that meet the [passing criteria](https://bestpractices.coreinfrastructure.org/criteria/0), which is a
significant achievement for many projects. Lower scores represent a project that
is at least working to achieve a badge, with increasingly more points awarded as
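
Review bot: Capitalization is inconsistent within the replaced lines of this hunk: the link text uses "Best Practices Badge", while the API sentence and the tiers sentence use "Best Practices badge". Pick one form and use it throughout the section.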
Expand All @@ -185,7 +185,7 @@ Some of these criteria overlap with other Scorecards checks.


**Remediation steps**
- Sign up for the [CII Best Practices program](https://bestpractices.coreinfrastructure.org/en).
- Sign up for the [OpenSSF Best Practices program](https://bestpractices.coreinfrastructure.org/).

## Code-Review
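
Review bot: The replacement remediation link drops the `/en` path segment (`https://bestpractices.coreinfrastructure.org/en` becomes `https://bestpractices.coreinfrastructure.org/`), while the new README row in this same commit keeps the `/en` form. Use one form of the URL across the three files, and mention the URL change in the commit message, since the title describes only a rename.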

10 changes: 5 additions & 5 deletions docs/checks/internal/checks.yaml
Expand Up @@ -249,15 +249,15 @@ checks:
risk: Low
tags: security-awareness, security-training, security
repos: GitHub
short: Determines if the project has a CII Best Practices Badge.
short: Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.
description: |
Risk: `Low` (possibly not following security best practices)
This check determines whether the project has earned a [CII Best Practices Badge](https://bestpractices.coreinfrastructure.org/),
This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/),
which indicates that the project uses a set of security-focused best development practices for open
source software. The check uses the URL for the Git repo and the CII API.
source software. The check uses the URL for the Git repo and the OpenSSF Best Practices badge API.
The CII Best Practices badge has 3 tiers: passing, silver, and gold. We give
The OpenSSF Best Practices badge has 3 tiers: passing, silver, and gold. We give
full credit to projects that meet the [passing criteria](https://bestpractices.coreinfrastructure.org/criteria/0), which is a
significant achievement for many projects. Lower scores represent a project that
is at least working to achieve a badge, with increasingly more points awarded as
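
Review bot: The replaced `description` lines in this hunk are word for word the same as the replaced lines in the docs/checks.md hunk, so the same text is being hand-edited in two places. If one of these files is generated from the other, edit only the source and regenerate; if not, a comment near `description:` pointing at the other copy would help keep the two in sync.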
Expand All @@ -281,7 +281,7 @@ checks:
Some of these criteria overlap with other Scorecards checks.
remediation:
- >-
Sign up for the [CII Best Practices program](https://bestpractices.coreinfrastructure.org/en).
Sign up for the [OpenSSF Best Practices program](https://bestpractices.coreinfrastructure.org/).
Code-Review:
risk: High
tags: supply-chain, security, source-code, code-reviews
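
Review bot: In the replaced remediation line the link text now says OpenSSF, but the host in the URL is still `bestpractices.coreinfrastructure.org`. If the site is still served from that host this is fine, but it deserves a word in the commit message so the mismatch between name and URL does not read as a missed edit.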
