GitHub Actions: Reinstate fossa.com integration #1244
Comments
|
Copying discussion from duplicate: me:
lukas
|
|
I had a look and I think the CII requirements do not ask for specific tools (and fossa is not mentioned in the TUF entry). The analysis section should be relevant: https://bestpractices.coreinfrastructure.org/en/projects/1351#analysis I want to mention that I was honestly asking about the FOSSA features -- I'm not familiar with it and their documentation is a bit vague so I'm not sure if it does something we'd be interested in. |
Thanks for checking, but I think you looked up the "passing"-level criteria. "Gold"-level (you can toggle at the top) has the following criterion under Quality -> Automated test suite: "The project MUST have FLOSS automated test suite(s) that provide at least 90% statement coverage if there is at least one FLOSS tool that can measure this criterion in the selected language"
I am not familiar with it either. |
unittest + coverage fills this requirement, no? |
|
🤦 I completely misread that sentence. For some reason I thought that "FLOSS automated test suite" was referring to license scanning. |
|
Maybe @JustinCappos remembers why this was enabled in late 2017? (See 600e25f). |
|
@caniszczyk, you seem to have initiated this feature in #509. Would you mind letting us in on the original motivation? |
Description of issue or feature request:
A recent switch from Travis (and Appveyor) to GitHub Actions removed fossa.com integration from our CI setup. (see #1242)
Current behavior:
No publication of license data on fossa.com
No fossa.com badge
Expected behavior:
Re-instate publication of license data on fossa.com
Re-add fossa.com badge (revert 0ab9ee7)
The text was updated successfully, but these errors were encountered: