Implement OpenSSF scorecard

Open fraxken opened this issue 1 year ago • 1 comments

The idea is to implement the scorecard by the Open Source Security Foundation (OpenSSF).

We can take inspiration from the tool deps.dev, which already has an implementation: (image)

That data is available online and fetchable via a REST API. I think we should implement this like the Bundlephobia API (by exposing an API on the HTTP server to avoid cross-domain issues).

The question that remains is where in the interface should we place this information?

fraxken avatar Sep 08 '22 16:09 fraxken

Well received.

tekeuange23 avatar Oct 01 '22 11:10 tekeuange23

We now have a back-end SDK to consume the OpenSSF API: https://github.com/NodeSecure/ossf-scorecard-sdk. So the overall idea is to:

  1. Add an API on the CLI http server and use the SDK to fetch the Scorecard result.
  2. Add UI in the left menu (and load data on the http server when we select a package).

For the UI, my idea is to add a little menu/info where I drew a red line: (image)

We can move step by step with a first version that only shows the score. Then later we can code the complete UI to show all check details (like deps.dev).

fraxken avatar Nov 05 '22 13:11 fraxken