Configure OpenSSF Scorecard Action #3571
Signed-off-by: Joyce <joycebrum@google.com>
Thank you
Is this ranking published somewhere?
Hi @vitaut. This ranking is not published anywhere; we've calculated it from the publicly available BigQuery data, so it is considering about 1 million projects. We made this estimate by the end of the last year, so it may have changed a little. Considering the entire database, only 0.6% of the projects had a score greater than or equal to 7.1 (which is fmt's current score). Filtering the database to only consider projects with criticality_score > 0.5, which is ~10k projects (criticality score also has a public BQ database), the percentile goes to 9.6% (which makes sense since these are projects that probably need to care more about security). The vast majority of projects in both analyses score between 4 and 6.
Closes #3530
Hi, I've configured both the action and the badge.
By the way, fmt's score is awesome on the OpenSSF Scorecard analysis, being one of the top 18% of projects with the best scores.
Any concerns, let me know!