external-dns icon indicating copy to clipboard operation
external-dns copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

Added the scorecard github action and its badge

Open ivankatliarchuk opened this issue 1 year ago • 5 comments

Description

Fixes #4673

PR to add the Scorecard GitHub Action and its badge in the README file.

Similar PR https://github.com/helm/helm/pull/13233

Checklist

  • [ ] Unit tests updated
  • [ ] End user documentation updated

ivankatliarchuk avatar Aug 12 '24 08:08 ivankatliarchuk

Hi @ivankatliarchuk. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

k8s-ci-robot avatar Aug 12 '24 08:08 k8s-ci-robot

All my reply are in pending state. Not sure bug or smth. Docs https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onevent_nametypes

Screenshot 2024-08-13 at 08 48 30 Screenshot 2024-08-13 at 08 49 05

ivankatliarchuk avatar Aug 13 '24 07:08 ivankatliarchuk

/lgtm /assign @Raffo for final review

mloiseleur avatar Aug 13 '24 10:08 mloiseleur

I am not sure I like to have this added to the project. From what I can see, the OpenSSF scorecard is really not that great and gives you easily a wrong score for things that improve the project by a very small amount. We currently get a 6.9 (https://securityscorecards.dev/viewer/?uri=github.com/kubernetes-sigs/external-dns) which seems to be kinda bad, but the results need to be interpreted. I am not sure or maybe I even doubt that our users will be able to determine if it's something to worry about or not. A similar discussion has been done in the curl project.

For now, I'll put this on hold.

/hold

Raffo avatar Aug 23 '24 21:08 Raffo

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please ask for approval from mloiseleur. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

k8s-ci-robot avatar Dec 29 '24 12:12 k8s-ci-robot

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

k8s-ci-robot avatar Dec 29 '24 12:12 k8s-ci-robot