Run OpenSSF Scorecard against a list of GitHub Actions repositories and collect the results in a SQLite database
#!/usr/bin/env python3
"""
Requirements:
- [scorecard](https://github.com/ossf/scorecard) installed
- `GITHUB_TOKEN` exported in the environment (the script does not read it itself; the environment is inherited unchanged by the `scorecard` child process)
- [sqlite-utils](https://github.com/simonw/sqlite-utils) installed
"""
import subprocess
# Repositories to score, as "owner/name". main() prefixes each entry with
# "github.com/" when building the scorecard command line. The group comments
# are the author's own labels (presumably marketplace publisher tiers; they
# are not used by the script).
REPOS: list[str] = [
    # Github
    'actions/checkout',
    # Verified
    'serverless/github-action',
    # Custom
    'oslokommune/serverless-python-action',
    'peter-evans/create-or-update-comment',
    'octokit/request-action',
    'coursier/cache-action',
    'louisbrunner/checks-action',
    'fakir/skip-duplicate-action',
    'webfactory/ssh-agent',
    'rbialon/flake8-annotation',
    'scacap/action-surefire-report',
    '5monkeys/cobertura-action'
]
# Scorecard check names to run, grouped by category. Each key, lower-cased by
# main(), is also the name of the sqlite table the category's results are
# inserted into, so the companion SQL report joins tables "essential", "basic"
# and "security". Note the nesting: 'basic' is a subset of 'security', which
# is a subset of 'essential'.
CHECKS: dict[str, list[str]] = {
    'essential': ['CI-Tests', 'Code-Review', 'Contributors', 'Maintained', 'Pinned-Dependencies', 'Security-Policy', 'Vulnerabilities'],
    'basic': ['Code-Review', 'Contributors', 'Maintained', 'Pinned-Dependencies', 'Vulnerabilities'],
    'security': ['Code-Review', 'Contributors', 'Maintained', 'Pinned-Dependencies', 'Security-Policy', 'Vulnerabilities'],
}
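def main() -> None:
    """Score every repo in REPOS for every category in CHECKS and store the results.

    For each (category, repo) pair this runs ``scorecard`` with that category's
    check list and streams its JSON output into ``sqlite-utils``, which inserts a
    flattened row into table ``<category>`` (the lower-cased key) of
    ``scorecards.db``. Both tools must be on PATH; ``scorecard`` needs
    GITHUB_TOKEN in the environment, which the child processes inherit unchanged.

    Raises:
        subprocess.CalledProcessError: if ``scorecard`` or ``sqlite-utils`` exits
            non-zero for any repo. The run stops at the first failure instead of
            continuing with a table that silently lacks that repo's row (the
            previous ``bash -c 'a | b'`` form never looked at any exit status).
    """
    for cat, check_list in CHECKS.items():
        table = cat.lower()
        # Same check list for every repo in this category; build it once.
        flatten_check = ','.join(check_list)
        for repo in REPOS:
            _score_into_table(repo, flatten_check, table)


def _scorecard_argv(repo: str, flatten_check: str) -> list:
    """Return the scorecard command line for one repo as an argv list (no shell)."""
    return [
        'scorecard',
        f'--checks={flatten_check}',
        '--show-details',
        '--format', 'json',
        f'--repo=github.com/{repo}',
    ]


def _sqlite_argv(table: str) -> list:
    """Return the sqlite-utils command line that inserts JSON from stdin into ``table``."""
    return ['sqlite-utils', 'insert', 'scorecards.db', table, '-', '--flatten']


def _score_into_table(repo: str, flatten_check: str, table: str) -> None:
    """Run scorecard for one repo and pipe its JSON output into sqlite-utils.

    The two processes are connected with an OS pipe through ``subprocess``
    rather than ``bash -c 'scorecard ... | sqlite-utils ...'``. That way no
    shell parses the repo or check strings (a value containing shell
    metacharacters cannot change the command), and each process's exit status
    is checked individually: a shell pipeline without ``pipefail`` reports only
    the last command's status, so a scorecard failure was invisible before.
    """
    scorecard_argv = _scorecard_argv(repo, flatten_check)
    sqlite_argv = _sqlite_argv(table)
    producer = subprocess.Popen(scorecard_argv, stdout=subprocess.PIPE)
    try:
        consumer = subprocess.run(sqlite_argv, stdin=producer.stdout)
    finally:
        # Drop our copy of the pipe's read end so scorecard gets EOF/EPIPE if
        # sqlite-utils exited early, then reap scorecard.
        producer.stdout.close()
        producer.wait()
    # Report the upstream failure first: a sqlite-utils error on empty or
    # truncated input is usually just a symptom of scorecard having failed.
    if producer.returncode != 0:
        raise subprocess.CalledProcessError(producer.returncode, scorecard_argv)
    if consumer.returncode != 0:
        raise subprocess.CalledProcessError(consumer.returncode, sqlite_argv)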
# Run the scan only when executed as a script, not when imported.
if __name__ == '__main__':
    main()
-- Per-repo score for each check category: one row per action, sorted by name.
-- NOTE: inner joins drop any repo that is missing from one of the three tables
-- (e.g. because its scorecard run failed for that category); use LEFT JOIN from
-- "essential" to see such repos with NULL scores instead of losing them.
SELECT REPLACE(ess.repo_name, 'github.com/', '') AS 'action',
       ess.score AS 'essential',
       bas.score AS 'basic',
       sec.score AS 'security'
FROM essential AS ess
JOIN basic AS bas ON bas.repo_name = ess.repo_name
JOIN "security" AS sec ON sec.repo_name = ess.repo_name
ORDER BY 1
action essential basic security
5monkeys/cobertura-action 5.2 6.1 5.2
actions/checkout 6.2 5.6 6.2
coursier/cache-action 7.0 8.4 7.0
louisbrunner/checks-action 5.3 5.8 5.0
octokit/request-action 7.1 8.2 7.0
oslokommune/serverless-python-action 5.7 6.7 5.7
peter-evans/create-or-update-comment 6.7 7.8 6.7
scacap/action-surefire-report 4.2 4.8 4.1
serverless/github-action 4.8 5.6 4.8
webfactory/ssh-agent 5.5 6.4 5.5