scorecard
Capitalize proper nouns like Dependabot, Renovate, and GitHub
Proper nouns should be capitalized properly.
Suggested replacements on *.md files:
- dependabot -> Dependabot
- renovatebot -> Renovate or Renovate bot
- github -> GitHub
Thank you! Would you like to do a PR?
I'll let you guys do it. 😉
These are the "md" files I can see to scan through to make the changes,
./CODE_OF_CONDUCT.md
./checks/testdata/licensedir/withoutlicense/README.md
./checks/write.md
./cloudbuild/README.md
./docs/checks.md
./README.md
./CONTRIBUTING.md
./.github/PULL_REQUEST_TEMPLATE.md
./.github/ISSUE_TEMPLATE/feature_request.md
./.github/ISSUE_TEMPLATE/bug_report.md
./errors/errors.md
./SECURITY.md
./cron/data/README.md
In ./docs/checks.md following lines need update
in line number 206
- determines whether the most recent (~30) commits have a Github-approved review
in line number 263
- logging github context and secrets, or use of potentially untrusted inputs in scripts.
in line number 279
- can add their own content to certain github context variables that are considered
in line number 294
- specifically dependabot or
in line number 295
- renovatebot. Out-of-date
in line number 312
- Signup for automatic dependency updates with [dependabot](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates) or renovatebot and place the config file in the locations that are recommended by these tools. Due to https://github.com/dependabot/dependabot-core/issues/2804 Dependabot can be enabled for forks where security updates have ever been turned on so projects maintaining stable forks should evaluate whether this behavior is satisfactory before turning it on.
in line number 313
- Unlike dependabot, renovatebot has support to migrate dockerfiles' dependencies from version pinning to hash pinning via the [pinDigests setting](https://docs.renovatebot.com/configuration-options/#pindigests) without aditional manual effort.
in line number 475
- Github's dependabot
in line number 476
- or renovate bot.
in line number 491
- The checks currently looks for known Github apps such as
@naveensrinivasan can I take this issue and make the changes and create PR? Thank You
@singhsaurabh Thank you!
@naveensrinivasan Please review PR-2061. I resolved the conflicts but current PR has my older changes also which are made with respect to the issue-1534. Looks like something I didn’t do correctly while committing new changes. Please help. Thank You
Updated the changes in checks.yaml file and built the doc.
![Screenshot 2022-07-25 at 23 18 28](https://user-images.githubusercontent.com/6647276/180885573-c29511c7-e7f3-47e1-9e29-e9712d15326d.png)
Please review the PR https://github.com/ossf/scorecard/pull/2061 Thank You