Commit da785a2

Rename CII->OpenSSF Best Practices badge (#2239)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
1 parent c665f27 commit da785a2

3 files changed

+10
-10
lines changed


README.md

Lines changed: 1 addition & 1 deletion
@@ -436,7 +436,7 @@ Name | Description | Risk Level | Token Req
436436
[Binary-Artifacts](docs/checks.md#binary-artifacts) | Is the project free of checked-in binaries? | High | PAT, GITHUB_TOKEN |
437437
[Branch-Protection](docs/checks.md#branch-protection) | Does the project use [Branch Protection](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-protected-branches) ? | High | PAT (`repo` or `repo> public_repo`), GITHUB_TOKEN | certain settings are only supported with a maintainer PAT
438438
[CI-Tests](docs/checks.md#ci-tests) | Does the project run tests in CI, e.g. [GitHub Actions](https://docs.github.com/en/free-pro-team@latest/actions), [Prow](https://github.com/kubernetes/test-infra/tree/master/prow)? | Low | PAT, GITHUB_TOKEN |
439-
[CII-Best-Practices](docs/checks.md#cii-best-practices) | Does the project have a [CII Best Practices Badge](https://bestpractices.coreinfrastructure.org/en)? | Low | PAT, GITHUB_TOKEN |
439+
[CII-Best-Practices](docs/checks.md#cii-best-practices) | Does the project have an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/en)? | Low | PAT, GITHUB_TOKEN |
440440
[Code-Review](docs/checks.md#code-review) | Does the project require code review before code is merged? | High | PAT, GITHUB_TOKEN |
441441
[Contributors](docs/checks.md#contributors) | Does the project have contributors from at least two different organizations? | Low | PAT, GITHUB_TOKEN |
442442
[Dangerous-Workflow](docs/checks.md#dangerous-workflow) | Does the project avoid dangerous coding patterns in GitHub Action workflows? | Critical | PAT, GITHUB_TOKEN |
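Review bot: The badge link in the changed README row still ends in `/en` (`https://bestpractices.coreinfrastructure.org/en`), while the remediation links changed in docs/checks.md and checks.yaml in this same commit drop that suffix. Use one form of the URL in all three files. The row also keeps the check name `CII-Best-Practices` and the `#cii-best-practices` anchor next to the new OpenSSF wording; if the name is retained on purpose so existing references keep working, say so in the commit message or the check description so the mismatch does not read as an oversight.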

docs/checks.md

Lines changed: 4 additions & 4 deletions
@@ -156,11 +156,11 @@ If a project's system was not detected and you think it should be, please
156156

157157
Risk: `Low` (possibly not following security best practices)
158158

159-
This check determines whether the project has earned a [CII Best Practices Badge](https://bestpractices.coreinfrastructure.org/),
159+
This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/),
160160
which indicates that the project uses a set of security-focused best development practices for open
161-
source software. The check uses the URL for the Git repo and the CII API.
161+
source software. The check uses the URL for the Git repo and the OpenSSF Best Practices badge API.
162162

163-
The CII Best Practices badge has 3 tiers: passing, silver, and gold. We give
163+
The OpenSSF Best Practices badge has 3 tiers: passing, silver, and gold. We give
164164
full credit to projects that meet the [passing criteria](https://bestpractices.coreinfrastructure.org/criteria/0), which is a
165165
significant achievement for many projects. Lower scores represent a project that
166166
is at least working to achieve a badge, with increasingly more points awarded as
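Review bot: Capitalization of the badge name is inconsistent across the changed lines 159 to 163: the first mention reads "OpenSSF (formerly CII) Best Practices Badge" and the next two read "OpenSSF Best Practices badge". The old text had the same split, and since every one of these lines is being rewritten anyway, settle on one spelling here. The sentence on line 161 also now refers to "the OpenSSF Best Practices badge API" while every link in the paragraph still points at the coreinfrastructure.org host; a short parenthetical naming the host the API is served from would tell readers which endpoint the check contacts.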
@@ -185,7 +185,7 @@ Some of these criteria overlap with other Scorecards checks.
185185

186186

187187
**Remediation steps**
188-
- Sign up for the [CII Best Practices program](https://bestpractices.coreinfrastructure.org/en).
188+
- Sign up for the [OpenSSF Best Practices program](https://bestpractices.coreinfrastructure.org/).
189189

190190
## Code-Review
191191

docs/checks/internal/checks.yaml

Lines changed: 5 additions & 5 deletions
@@ -249,15 +249,15 @@ checks:
249249
risk: Low
250250
tags: security-awareness, security-training, security
251251
repos: GitHub
252-
short: Determines if the project has a CII Best Practices Badge.
252+
short: Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.
253253
description: |
254254
Risk: `Low` (possibly not following security best practices)
255255
256-
This check determines whether the project has earned a [CII Best Practices Badge](https://bestpractices.coreinfrastructure.org/),
256+
This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/),
257257
which indicates that the project uses a set of security-focused best development practices for open
258-
source software. The check uses the URL for the Git repo and the CII API.
258+
source software. The check uses the URL for the Git repo and the OpenSSF Best Practices badge API.
259259
260-
The CII Best Practices badge has 3 tiers: passing, silver, and gold. We give
260+
The OpenSSF Best Practices badge has 3 tiers: passing, silver, and gold. We give
261261
full credit to projects that meet the [passing criteria](https://bestpractices.coreinfrastructure.org/criteria/0), which is a
262262
significant achievement for many projects. Lower scores represent a project that
263263
is at least working to achieve a badge, with increasingly more points awarded as
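Review bot: The changed `description` lines 256 to 260 repeat the docs/checks.md edits word for word, so the two files have to be kept in lockstep. If docs/checks.md is generated from this YAML, confirm it was regenerated from this file rather than edited by hand, so that the next generation run produces no diff. The same "Badge" versus "badge" capitalization split appears here in `short` and `description` and should be resolved in this file first.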
@@ -281,7 +281,7 @@ checks:
281281
Some of these criteria overlap with other Scorecards checks.
282282
remediation:
283283
- >-
284-
Sign up for the [CII Best Practices program](https://bestpractices.coreinfrastructure.org/en).
284+
Sign up for the [OpenSSF Best Practices program](https://bestpractices.coreinfrastructure.org/).
285285
Code-Review:
286286
risk: High
287287
tags: supply-chain, security, source-code, code-reviews
