Feature: Scorecard output should be human readable HTML

[azeemshaikh38]

Is your feature request related to a problem? Please describe.
This is after discussions with the Envoy team. Today, output of Scorecard command says Pass/Fail with confidence numbers. For someone new to Scorecard, this in itself wouldn't relay anything meaningful.

Describe the solution you'd like
Instead, the output should be a detailed report mentioning what the tool tried to do and why the particular check failed. Providing clear reasons about failures and confidence values will let users decide if they care about fixing the failure and how they should go about fixing it.

[azeemshaikh38]

@inferno-chromium @asraa

[laurentsimon]

We can do this using the following:

1. Update the checks.yaml to provide more information w.r.t the reasoning for having the check and details about how the check is made. The yaml file currently contains a description and remediation section for each check. Maybe we could add a why section explaining why it's useful, and a success section explaining what is needed for this check to be successful (e.g. at least 2 commits in the last 90 days).
2. Update the runtime information given by--show-details. Currently this command contains debug info. We can cleanup what we display to make it more user-readable and we can use the debug level to filter information (default would only contain information needed by a typical user; whereas debug could have everything)

Wdut?

[inferno-chromium]

We can do this using the following:

1. Update the checks.yaml to provide more information w.r.t the reasoning for having the check and details about how the check is made.
2. Update the runtime information given by--show-details. Currently this command contains debug info. We can cleanup what we display to make it more user-readable and we can use the debug level to filter information (default would only contain information needed by a typical user; whereas debug could have everything)

Wdut?

Azeem added some thoughts in another PR - #347 (comment)

[azeemshaikh38]

I think the solution in #347 (comment) should cover this too. If you have thoughts/feedback about that approach, we can discuss more on the other thread.

Once we have a consensus on the solution, I'm happy if someone can take up the implementation of it. Since @naveensrinivasan already had a PR for this - I'll leave it upto @naveensrinivasan and @laurentsimon to decide how to proceed with the implementation.

[joycebrum]

How is it going the implementation of this issue? I've got another example of a maintainer requesting this feature systemd/systemd#25042 (comment)

[laurentsimon]

nobody is working on it. Who is the consumer of the html result? deps.dev are working on better visualization, would it be enough?

[evverx]

Who is the consumer of the html result?

systemd/systemd#25054 (comment)

deps.dev are working on better visualization

It doesn't support low-level projects like systemd

[joycebrum]

Actually I misplaced the comment. It is related to the json shown when users click on the badge to see its result, perhaps I should have comment here ossf/scorecard-webapp#206

[evverx]

That issue seems to have been abandoned in favor of deps.dev

[spencerschrock]

Just doing some issue cleanup.
Should have been resolved through ossf/scorecard-webapp#406