Feature: Scorecard Dependency-diff API, CLI and Action #2008

@aidenwang9867

Description

Is your feature request related to a problem? Please describe.
The scorecard Action only reports the Scorecard results for the repository under analysis. The project will surface scorecard results for the dependencies for new pull requests.

Describe the solution you'd like

  1. Add an API design that can fetch direct dependency changes (diffs) from a pull request using the GitHub Dependency Review API, surface Scorecard checks and scores for those dependencies and return the results.

  2. Add a new Scorecard CLI sub-command, scorecard dependency-diff, which uses the above API and outputs the resulting dependencies as JSON.

  3. Add a new Scorecard Action that runs on a pull request and uses the API to visualize the dependency diff and its Scorecard check results as markdown in the PR comments.
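The data flow the three items above describe, as an added example in Go (Scorecard's language) that is not part of this issue or of the Scorecard project's own code: it parses a constructed Dependency Review API response, keeps only the dependencies the pull request adds, scores those with a known source repository through an injected score function (fakeScore stands in for the real Scorecard run, which needs network access and is assumed here), and renders both the JSON the CLI sub-command would print and the markdown table the Action would post. The DependencyChange field names follow the GitHub API response; ScoredDependency and every other name are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// DependencyChange holds the fields this example uses from one entry of the GitHub
// Dependency Review API response (GET /repos/{owner}/{repo}/dependency-graph/compare/{basehead}).
type DependencyChange struct {
	ChangeType          string `json:"change_type"` // "added" or "removed"
	Ecosystem           string `json:"ecosystem"`
	Name                string `json:"name"`
	Version             string `json:"version"`
	SourceRepositoryURL string `json:"source_repository_url"`
}

// ScoredDependency is an assumed output shape for the proposed `scorecard dependency-diff` CLI.
type ScoredDependency struct {
	Name       string   `json:"name"`
	Version    string   `json:"version"`
	SourceRepo string   `json:"source_repo,omitempty"`
	Score      *float64 `json:"scorecard_score,omitempty"` // nil when the dependency could not be scored
}

// ParseDependencyDiff decodes a Dependency Review API response body (a JSON array).
func ParseDependencyDiff(body []byte) ([]DependencyChange, error) {
	var changes []DependencyChange
	if err := json.Unmarshal(body, &changes); err != nil {
		return nil, fmt.Errorf("decoding dependency review response: %w", err)
	}
	return changes, nil
}

// ScoreChanges keeps the dependencies a PR adds (removed ones need no review), deduplicates
// them, scores those with a known source repository via the injected score function
// (the real tool would run the Scorecard checks here) and returns them sorted by name.
func ScoreChanges(changes []DependencyChange, score func(repo string) (float64, bool)) []ScoredDependency {
	seen := map[string]bool{}
	var out []ScoredDependency
	for _, c := range changes {
		key := c.Ecosystem + "/" + c.Name + "@" + c.Version
		if c.ChangeType != "added" || seen[key] {
			continue
		}
		seen[key] = true
		d := ScoredDependency{Name: c.Name, Version: c.Version, SourceRepo: c.SourceRepositoryURL}
		if c.SourceRepositoryURL != "" {
			if s, ok := score(c.SourceRepositoryURL); ok {
				d.Score = &s
			}
		}
		out = append(out, d)
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Name < out[j].Name })
	return out
}

// RenderMarkdown builds the PR-comment table the proposed Action would post.
func RenderMarkdown(deps []ScoredDependency) string {
	var b strings.Builder
	b.WriteString("| Dependency | Version | Source | Scorecard score |\n|---|---|---|---|\n")
	for _, d := range deps {
		src, scoreCell := d.SourceRepo, "not available"
		if src == "" {
			src = "unknown"
		}
		if d.Score != nil {
			scoreCell = fmt.Sprintf("%.1f / 10", *d.Score)
		}
		fmt.Fprintf(&b, "| %s | %s | %s | %s |\n", d.Name, d.Version, src, scoreCell)
	}
	return b.String()
}

// sampleResponse is a constructed Dependency Review API response; the packages are made up.
const sampleResponse = `[
  {"change_type":"added","ecosystem":"gomod","name":"github.com/example/leftpad","version":"1.2.3","source_repository_url":"https://github.com/example/leftpad"},
  {"change_type":"removed","ecosystem":"gomod","name":"github.com/example/oldlib","version":"0.9.0","source_repository_url":"https://github.com/example/oldlib"},
  {"change_type":"added","ecosystem":"gomod","name":"example.com/mystery","version":"2.0.0","source_repository_url":""}
]`

// fakeScore stands in for running Scorecard; the 7.5 is an invented demo value.
func fakeScore(repo string) (float64, bool) {
	if repo == "https://github.com/example/leftpad" {
		return 7.5, true
	}
	return 0, false
}

func main() {
	changes, err := ParseDependencyDiff([]byte(sampleResponse))
	if err != nil {
		panic(err)
	}
	deps := ScoreChanges(changes, fakeScore)
	js, _ := json.MarshalIndent(deps, "", "  ")
	fmt.Println(string(js))         // what the CLI sub-command would print
	fmt.Print(RenderMarkdown(deps)) // what the Action would post as a PR comment
}
```

The unscorable dependency (no source repository in the API response) is kept in the output with an explicit "not available" cell rather than dropped, so a reviewer sees that a new dependency exists even when Scorecard cannot assess it.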

Additional context
Assignee: @aidenwang9867

Status: Done