scorecard icon indicating copy to clipboard operation
scorecard copied to clipboard

Published 20 hours ago verified publisher icon ossf

Feature: Zombie Commits Support

Open latortuga71 opened this issue 2 years ago • 5 comments

Description Zombie commits are commits to a repository directly to the main branch, not attached to any pull requests. Adding a check to scorecard on zombie commits could help users determine if owners adhere to strict guidelines regarding contributions.

Describe the solution you'd like Add a check for "Zombie Commits" that ranks 1-10 based on the percentage of zombie commits on the repository, or between two releases.

latortuga71 avatar Sep 21 '22 19:09 latortuga71

I have seen few important open-source projects implement detection for this using GitHub Actions workflows. I will try to find that and share here.

varunsh-coder avatar Sep 21 '22 19:09 varunsh-coder

I had this feature in my open-source project gauge as well: https://github.com/tap8stry/gauge

Example: https://github.com/tap8stry/gauge#package-mode

nadgowdas avatar Sep 22 '22 20:09 nadgowdas

Could we surface these commits in the Code-Review check? As being non-reviewed / not having an associated PR?

laurentsimon avatar Sep 22 '22 20:09 laurentsimon

I could not find the project I had seen use this. But there is similar discussion in this SO question: https://stackoverflow.com/questions/66376960/detect-direct-pushes-to-master-w-github-actions

varunsh-coder avatar Sep 25 '22 18:09 varunsh-coder

/cc @raghavkaul

laurentsimon avatar Sep 26 '22 18:09 laurentsimon

Was this implemented or dropped?

laurentsimon avatar Oct 28 '22 10:10 laurentsimon

Dropped determined too similar to code review checks

latortuga71 avatar Nov 01 '22 15:11 latortuga71