Results 139 comments of Azeem Shaikh

@laurentsimon @naveensrinivasan @justaugustus - Raghav is ready to start work on this. Please give a shout if there are any concerns here.

IMO some checks like `Branch-Protection`, `Token-Permissions` shouldn't be exposed at all through this policy. I don't see these checks being useful to gate an image built at commit X. The...

> If this is better suited for AllStar, does this mean we'll ask users to install both? Or will AllStar encompass all the policies we declare here?

Scope here does...

@singhsaurabh I have added this item in our bi-weekly. If you drop by, we can discuss this over call.

A wild idea - what if we collaborate with Dependabot/Renovatebot folks here so that every version bump PR by these tools provides a summarized view of the diff between the new version...

@rarkins makes sense for npm, but this could be useful for non-npm ecosystems like Golang? What do you think about adding such diffs in Renovatebot?

Disabling these checks is a conscious decision for being able to scale the weekly job (see https://github.com/ossf/scorecard/blob/main/cron/config/config.yaml#L27). We need to optimize these checks for API usage before we enable them...

In `CI-Tests`, the issue comes from this for loop: https://github.com/ossf/scorecard/blob/2b206dc3654ab96b88310625c5f0a1a3902723e7/checks/ci_tests.go#L53-L54. We basically need to make the `ListChecksRunsForRef` call for all commits returned by `ListCommits`, which is what makes this...

> I think this would still increase the cost of the query though. I'll play around with if this is an improvement or not.

Yes, although GraphQL cost might still...