Spencer Schrock
**Describe the bug** The [YAML which defines the Webhooks check](https://github.com/ossf/scorecard/blob/2f253e83c4d85cd68202c523bd0e956732a84421/docs/checks/internal/checks.yaml#L740) has a mismatch between the `risk` (high) and the `description` (critical). I'm not sure what the proper level is, but...
#### What kind of change does this PR introduce? Part of a series of refactors to generalize the cron infrastructure to enable re-use by the [ossf criticality score project](https://github.com/ossf/criticality_score) -...
#### What kind of change does this PR introduce? Followup PR to clean up some work done in #2168 - [X] PR title follows the guidelines defined in our [pull...
Scorecard uses the `/projects.json?url=` endpoint when checking a project's best practices badge status. We have an open issue (https://github.com/ossf/scorecard/issues/3466) where some projects call scorecard with a different capitalization than their...
#### What kind of change does this PR introduce? probe cleanup - [X] PR title follows the guidelines defined in our [pull request documentation](https://github.com/ossf/scorecard/blob/main/CONTRIBUTING.md#pr-process) #### What is the current behavior?...
#### What kind of change does this PR introduce? probe cleanup - [X] PR title follows the guidelines defined in our [pull request documentation](https://github.com/ossf/scorecard/blob/main/CONTRIBUTING.md#pr-process) #### What is the current behavior?...
The OpenCensus GitHub repositories will be archived at the end of July. https://opentelemetry.io/blog/2023/sunsetting-opencensus/ We currently use this for telemetry data in the weekly 1.2M repo cron job.
### Discussed in https://github.com/ossf/scorecard/discussions/3270

Originally posted by **claudioandre-br** July 15, 2023

Hi, I'm receiving this warning:

```
"Warn: downloadThenRun not pinned by hash: deploy/snap/build.sh:43",
```

Remediation steps say:

> For...
Creating from: https://github.com/ossf/scorecard/pull/3507#discussion_r1380773897. It's common for probes to look for the existence of dangerous/risky data points. When such things are found, should the outcome be positive or negative? >> Should...
Saw a few occurrences of this in my code, and noticed the linter wasn't picking them up.

```go
r := strings.NewReader(string(content))
```

`MIRROR_FUNCS.md` was edited manually, but the tests were...