
✨ Add check ID

Open ashearin opened this issue 1 year ago • 10 comments

What kind of change does this PR introduce?

Enhancement to our structured results. Adds a static Check ID for all checks, along with updates to the check validation process to make sure the ID is unique. Only impacts JSON results.

I also ran fieldalignment on the files where I made changes to struct members.

What is the current behavior?

JSON output only has name for identifying the check

{
    "details": null,
    "score": 10,
    "reason": "no binaries found in the repo",
    "name": "Binary-Artifacts",
    "documentation": {
        "url": "https://github.com/ossf/scorecard/blob/main/docs/checks.md#binary-artifacts",
        "short": "Determines if the project has generated executable (binary) artifacts in the source repository."
    }
},

What is the new behavior (if this is a feature change)?

Adding a uint as a unique ID allows users to filter/search for checks without string comparison.

{
    "id": 3,
    "details": null,
    "score": 10,
    "reason": "no binaries found in the repo",
    "name": "Binary-Artifacts",
    "documentation": {
        "url": "https://github.com/ossf/scorecard/blob/main/docs/checks.md#binary-artifacts",
        "short": "Determines if the project has generated executable (binary) artifacts in the source repository."
    }
},

Which issue(s) this PR fixes

Fixes #2577

Special notes for your reviewer

Does this PR introduce a user-facing change?

Add Check ID 

ashearin avatar Apr 10 '24 23:04 ashearin
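A consumer-side sketch of the two ideas in the description above, added here as an example and not taken from the PR or the Scorecard code base: rejecting duplicate IDs at validation time, and selecting a check from JSON results by numeric ID. The names `CheckResult`, `ValidateUniqueIDs` and `FindByID` are hypothetical, and it assumes results written before the change simply lack the `id` field.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// CheckResult mirrors the JSON fields in the PR description; ID is a pointer so a missing "id" is detectable.
type CheckResult struct {
	ID     *uint  `json:"id"`
	Name   string `json:"name"`
	Score  int    `json:"score"`
	Reason string `json:"reason"`
}

// ValidateUniqueIDs (hypothetical stand-in for the PR's validation) fails if two check names share an ID.
func ValidateUniqueIDs(ids map[string]uint) error {
	seen := make(map[uint]string, len(ids))
	for name, id := range ids {
		if other, dup := seen[id]; dup {
			return fmt.Errorf("check ID %d used by both %q and %q", id, other, name)
		}
		seen[id] = name
	}
	return nil
}

// FindByID decodes a JSON array of check results and returns the entry with the given ID.
func FindByID(raw []byte, id uint) (CheckResult, bool, error) {
	var checks []CheckResult
	if err := json.Unmarshal(raw, &checks); err != nil {
		return CheckResult{}, false, err
	}
	for _, c := range checks {
		// Entries without an "id" never match, so ID 0 cannot alias old-format results.
		if c.ID != nil && *c.ID == id {
			return c, true, nil
		}
	}
	return CheckResult{}, false, nil
}

// Constructed sample: the first entry is from the PR description, the second is old-format (no "id").
const sample = `[{"id":3,"score":10,"reason":"no binaries found in the repo","name":"Binary-Artifacts"},{"score":5,"reason":"constructed","name":"Constructed-Check"}]`

func main() {
	c, ok, err := FindByID([]byte(sample), 3)
	fmt.Println(c.Name, c.Score, ok, err)
	fmt.Println(ValidateUniqueIDs(map[string]uint{"Binary-Artifacts": 3, "Constructed-Check": 3}))
}
```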

I think this change represents an interesting challenge for the cron, as it's something we could technically go and backfill data for. Can we wait on this until after OSS NA?

No rush from me, will do a bit more cleanup and we can look at it after next week

ashearin avatar Apr 11 '24 22:04 ashearin

Note the linter we use currently is fieldalignment

Went back and reset the structs and ran fieldalignment on them.

ashearin avatar Apr 12 '24 00:04 ashearin

This pull request has been marked stale because it has been open for 10 days with no activity

github-actions[bot] avatar Apr 25 '24 01:04 github-actions[bot]

This pull request has been marked stale because it has been open for 10 days with no activity

github-actions[bot] avatar May 15 '24 01:05 github-actions[bot]

@ashearin we are planning to merge this at the same time that we flip the switch on maintainer annotations, since both require a schema change to the BigQuery data. So going to do both at the same time.

spencerschrock avatar Jun 04 '24 16:06 spencerschrock

This pull request has been marked stale because it has been open for 10 days with no activity

github-actions[bot] avatar Jul 11 '24 01:07 github-actions[bot]

This pull request has been marked stale because it has been open for 10 days with no activity

github-actions[bot] avatar Aug 03 '24 01:08 github-actions[bot]

/scdiff generate License,Vulnerabilities,Code-Review,Dangerous-Workflow,SAST,Pinned-Dependencies,Branch-Protection,Signed-Releases,Maintained,Token-Permissions,CII-Best-Practices,Packaging,Binary-Artifacts,Dependency-Update-Tool,Security-Policy,Fuzzing

spencerschrock avatar Aug 14 '24 16:08 spencerschrock

This pull request has been marked stale because it has been open for 10 days with no activity

github-actions[bot] avatar Aug 30 '24 01:08 github-actions[bot]