Capitalize proper nouns like Dependabot, Renovate, and GitHub

Open HonkingGoose opened this issue 2 years ago • 8 comments

Proper nouns should be capitalized properly.

Suggested replacements on *.md files:

  • dependabot -> Dependabot
  • renovatebot -> Renovate or Renovate bot
  • github -> GitHub

HonkingGoose avatar Jul 14 '22 10:07 HonkingGoose

Thank you! Would you like to do a PR?

naveensrinivasan avatar Jul 14 '22 11:07 naveensrinivasan

I'll let you guys do it. 😉

HonkingGoose avatar Jul 14 '22 11:07 HonkingGoose

These are the "md" files I can see to scan through to make the changes,

./CODE_OF_CONDUCT.md
./checks/testdata/licensedir/withoutlicense/README.md
./checks/write.md
./cloudbuild/README.md
./docs/checks.md
./README.md
./CONTRIBUTING.md
./.github/PULL_REQUEST_TEMPLATE.md
./.github/ISSUE_TEMPLATE/feature_request.md
./.github/ISSUE_TEMPLATE/bug_report.md
./errors/errors.md
./SECURITY.md
./cron/data/README.md

singhsaurabh avatar Jul 14 '22 20:07 singhsaurabh

In ./docs/checks.md, the following lines need an update:

in line number 206

  • determines whether the most recent (~30) commits have a Github-approved review

in line number 263

  • logging github context and secrets, or use of potentially untrusted inputs in scripts.

in line number 279

  • can add their own content to certain github context variables that are considered

in line number 294

in line number 295

in line number 312

  • Signup for automatic dependency updates with [dependabot](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates) or renovatebot and place the config file in the locations that are recommended by these tools. Due to https://github.com/dependabot/dependabot-core/issues/2804 Dependabot can be enabled for forks where security updates have ever been turned on so projects maintaining stable forks should evaluate whether this behavior is satisfactory before turning it on.

in line number 313

  • Unlike dependabot, renovatebot has support to migrate dockerfiles' dependencies from version pinning to hash pinning via the [pinDigests setting](https://docs.renovatebot.com/configuration-options/#pindigests) without aditional manual effort.

in line number 475

in line number 476

in line number 491

  • The checks currently looks for known Github apps such as

singhsaurabh avatar Jul 14 '22 21:07 singhsaurabh

@naveensrinivasan Can I take this issue, make the changes, and create a PR? Thank you.

singhsaurabh avatar Jul 14 '22 21:07 singhsaurabh

@singhsaurabh Thank you!

naveensrinivasan avatar Jul 14 '22 21:07 naveensrinivasan

@naveensrinivasan Please review PR-2061. I resolved the conflicts, but the current PR also has my older changes, which were made with respect to issue-1534. Looks like I didn't do something correctly while committing the new changes. Please help. Thank you.

singhsaurabh avatar Jul 14 '22 22:07 singhsaurabh

Updated the changes in the checks.yaml file and built the doc.

Please review the PR https://github.com/ossf/scorecard/pull/2061. Thank you.

singhsaurabh avatar Jul 25 '22 22:07 singhsaurabh