fosstars-rating-core

How to set label thresholds for OssArtifactSecurityRating

Open mibo opened this issue 3 years ago • 1 comments

The label thresholds (com.sap.oss.phosphor.fosstars.model.rating.oss.OssArtifactSecurityRating.Thresholds) used by the OssArtifactSecurityRating were copied from the OssSecurityRating without validation (as it was for the PoC).

As the scores used by the OssArtifactSecurityRating are now enhanced and refined, I would recommend doing analyses (based on the reference projects) similar to what was done for the OssSecurityRating (see here in the documentation). Based on the analysis, the thresholds should be updated.

mibo, May 20 '21 12:05

I think we need to think and decide about a procedure for how the threshold labels are set and updated for the open source artifact security rating. I am not sure if it would be best to apply a similar procedure to the one that we use for the open source security rating. It may be considered as an option though.

artem-smotrakov, May 25 '21 09:05