Use deps.dev for OpenSSF scorecard results link #3368
Conversation
|
A resync should fix the test errors. |
|
adding @devoncarew as a reviewer; I don't know what this link is or what it is for exactly so I'm not sure I can say for sure that this is correct. The new destination definitely looks better, though. |
|
That 2nd page does look better. Do you have another example of a repo (dart or flutter) linking to deps.dev, or, does securityscorecards.dev have a more user-friendly URL / page? cc @sealesj |
Yep, I believe all the Flutter repositories (with scorecards) do, for example flutter/flutter. Recently we requested the dart-lang repos with scorecards be added to the deps.dev dataset so we could link there too, for example, dart-lang/linter and dart-lang/site-www. securityscorecards.dev does not have a user-friendly page yet: ossf/scorecard-webapp#206 |
This is linked to by the OpenSSF scorecard badge at the top of the README. The previous link was to unformatted JSON. Instead, this links to deps.dev which formats the results and in the future may include other information.
Previous link: https://api.securityscorecards.dev/projects/github.com/dart-lang/dartdoc
New link: https://deps.dev/project/github/dart-lang%2Fdartdoc