Comments (4)
Just to clarify, are you saying I can start working on this issue now, but I should not worry about sharding at this time?
Not worry about right now. There are several other to pick from list - https://github.com/ossf/scorecard/issues?q=is%3Aissue+is%3Aopen+%22New+check%22 or https://github.com/ossf/scorecard/milestone/1
but whichever you pick, leave a comment in bug to avoid duplication/conflict. thanks @chrismcgehee for your contributions!
from scorecard.
I'm interested in taking this one on. Before I start, I'd like to discuss how to go about doing this.
I don't see anything on Github's API that would allow us to query for a repo's past owners. I think we'll need to store this data ourselves and have scorecard query for it. We could record the owners for the repos we track as part of the cron process and store it in GCS bucket. Then when scorecard runs, it could download the file(s) it needs from the bucket. Maybe not at first, but we will want to shard the data across files within the bucket so that scorecard can download a reasonable size chunk if it's only checking one repo.
If the repo being checked is not present in the saved data, we'd have to give an inconclusive result.
Feedback on this approach?
from scorecard.
I'm interested in taking this one on. Before I start, I'd like to discuss how to go about doing this.
I don't see anything on Github's API that would allow us to query for a repo's past owners. I think we'll need to store this data ourselves and have scorecard query for it. We could record the owners for the repos we track as part of the cron process and store it in GCS bucket. Then when scorecard runs, it could download the file(s) it needs from the bucket. Maybe not at first, but we will want to shard the data across files within the bucket so that scorecard can download a reasonable size chunk if it's only checking one repo.
If the repo being checked is not present in the saved data, we'd have to give an inconclusive result.
Feedback on this approach?
This is a good approach. But we are in the process of designing sharding and coming up with long-term plans to scale. I would recommend that we wait until then.
Thanks for picking up the issue and all your contributions @chrismcgehee!
from scorecard.
Just to clarify, are you saying I can start working on this issue now, but I should not worry about sharding at this time?
from scorecard.
Related Issues (20)
- Feature: Consider go vet a SAST tool HOT 1
- Sudden e2e test failures in 2 tests HOT 1
- Should `security-events: read` be considered a dangerous permission? HOT 13
- The "vulnerabilities" check seems to be flaky HOT 1
- Links to OSV IDs aren't clickable HOT 5
- Feature: Improve docs on using package manager flags HOT 2
- BUG: --npm wrong input does not throw error HOT 1
- Feature: licensing check looks for ecosystem file's license
- Usage of the --verbosity flag HOT 2
- Feature: Enable ResultsFile switch HOT 1
- BUG: Gitlab Commits Before Date Needs More Logic HOT 1
- Migrate from OpenCensus OpenTelemetry HOT 3
- Donate openssf-scorecard-monitor ecosystem HOT 2
- Change in Dangerous-Workflow and Token-Permissions scores for repos with no workflows HOT 10
- Viewer should sort checks HOT 1
- Question: Is scorecard supposed to work with private github repositories? HOT 1
- New check suggestion: Fork; is the repository a fork? HOT 1
- Feature: make property-based probes more granular
- Discussion: Can probes exist without belonging to a check
- Feature: Add an owner to each probe
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scorecard.