Skip to content

feat(scorecard): add OpenSSF scorecard #1952

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
alizard0 wants to merge 13 commits into
base: main
Choose a base branch
from
Open

feat(scorecard): add OpenSSF scorecard #1952

alizard0 wants to merge 13 commits into from

Conversation

@alizard0
Copy link
Member

@alizard0 alizard0 commented Dec 12, 2025
edited
Loading

  1. Implemented abstract openssf metric provider, its implementations are added to a list in runtime.
  2. Implemented OpenSSF Client (with only one GET request)
  3. Implemented tests
  4. Review the thresholds
  5. Perform end-to-end tests (using frontend)
Screenshot 2025-12-22 at 11 31 10

@rhdh-gh-app
Copy link

rhdh-gh-app bot commented Dec 12, 2025
edited
Loading

Missing Changesets

The following package(s) are changed by this PR but do not have a changeset:

  • @red-hat-developer-hub/backstage-plugin-scorecard-backend

See CONTRIBUTING.md for more information about how to add changesets.

Changed Packages

Package Name Package Path Changeset Bump Current Version
backend workspaces/scorecard/packages/backend none v0.0.0
@red-hat-developer-hub/backstage-plugin-scorecard-backend-module-openssf workspaces/scorecard/plugins/scorecard-backend-module-openssf none v0.1.0
@red-hat-developer-hub/backstage-plugin-scorecard-backend workspaces/scorecard/plugins/scorecard-backend none v2.2.0

JessicaJHee
JessicaJHee reviewed Dec 16, 2025
View reviewed changes
Copy link
Member

@JessicaJHee JessicaJHee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great so far and works! Left a suggestion here, PTAL!

@dzemanov
Copy link
Member

dzemanov commented Dec 17, 2025

Thank you for the PR!

I have only a couple of questions:

  1. Default thresholds for numbers are set to following values: <10 success, 10-50 warning, >50 error. Do these thresholds need to be adjusted for openssf metrics, I see the resulting score should be out of 10, -1 is error?
  2. Does it make sense to allow admins to configure in app-config different custom thresholds for openssf metrics, or the same score should be always mapped to the same threshold result (success, warning, error)?

@alizard0 alizard0 changed the title [DRAFT] Add OpenSSF Scorecard Add OpenSSF Scorecard Dec 22, 2025
@alizard0 alizard0 changed the title Add OpenSSF Scorecard feat(scorecard): add OpenSSF scorecard Dec 22, 2025
@alizard0
Copy link
Member Author

alizard0 commented Dec 22, 2025

/retest

@alizard0 alizard0 force-pushed the add-scorecard-backend-module-openssf branch from cec553f to 4eb490d Compare December 22, 2025 16:08
@alizard0
Copy link
Member Author

alizard0 commented Dec 22, 2025

/retest

@alizard0
Copy link
Member Author

alizard0 commented Dec 22, 2025

Quality Gate Failed Quality Gate failed

Failed conditions 11.1% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

I dont agree tbh, the code isn't duplicated. This complains about a list with objects that contains data, the only "duplicated" code is the name of each variable of such objects.

@alizard0
Copy link
Member Author

alizard0 commented Dec 22, 2025

/retest

dzemanov
dzemanov requested changes Dec 23, 2025
View reviewed changes
@alizard0
Throws error when metric score is lower than 0 or higher than 10; Add…
3b7c562 
…ed unit tests; Added documentation; Review work
dzemanov
dzemanov reviewed Dec 23, 2025
View reviewed changes
dzemanov
dzemanov reviewed Dec 23, 2025
View reviewed changes
dzemanov
dzemanov reviewed Dec 23, 2025
View reviewed changes
alizard0 and others added 2 commits December 23, 2025 16:08
@alizard0 @dzemanov
Update workspaces/scorecard/examples/openssf-scorecard-only.yaml
0a5f836 
Co-authored-by: Dominika Zemanovicova <36102317+dzemanov@users.noreply.github.com>
@alizard0 @dzemanov
Update workspaces/scorecard/examples/openssf-scorecard-only.yaml
fe5b1f9 
Co-authored-by: Dominika Zemanovicova <36102317+dzemanov@users.noreply.github.com>
dzemanov
dzemanov approved these changes Dec 23, 2025
View reviewed changes
Copy link
Member

@dzemanov dzemanov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @alizard0, works great!

Screenshot 2025-12-23 at 16 20 10

@dzemanov
Copy link
Member

dzemanov commented Dec 23, 2025

You will just need to fix prettier:
yarn prettier:fix

@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 24, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
11.1% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

@alizard0
Copy link
Member Author

alizard0 commented Dec 26, 2025

/retest

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JessicaJHee JessicaJHee JessicaJHee left review comments

@dzemanov dzemanov dzemanov approved these changes

@christoph-jerolimov christoph-jerolimov Awaiting requested review from christoph-jerolimov christoph-jerolimov is a code owner

@its-mitesh-kumar its-mitesh-kumar Awaiting requested review from its-mitesh-kumar its-mitesh-kumar is a code owner

@Eswaraiahsapram Eswaraiahsapram Awaiting requested review from Eswaraiahsapram Eswaraiahsapram is a code owner

@ciiay ciiay Awaiting requested review from ciiay

@debsmita1 debsmita1 Awaiting requested review from debsmita1

@karthikjeeyar karthikjeeyar Awaiting requested review from karthikjeeyar

@ydayagi ydayagi Awaiting requested review from ydayagi

@mareklibra mareklibra Awaiting requested review from mareklibra

@batzionb batzionb Awaiting requested review from batzionb

@PreetiW PreetiW Awaiting requested review from PreetiW

@asmasarw asmasarw Awaiting requested review from asmasarw

@divyanshiGupta divyanshiGupta Awaiting requested review from divyanshiGupta

@gciavarrini gciavarrini Awaiting requested review from gciavarrini

@johnmcollier johnmcollier Awaiting requested review from johnmcollier

@gabemontero gabemontero Awaiting requested review from gabemontero

@thepetk thepetk Awaiting requested review from thepetk

@rohitkrai03 rohitkrai03 Awaiting requested review from rohitkrai03

@yangcao77 yangcao77 Awaiting requested review from yangcao77

@Lucifergene Lucifergene Awaiting requested review from Lucifergene

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alizard0 @dzemanov @JessicaJHee