Structured Result: Example Invocation and Output
$ ./scorecard --repo github.com/ossf/scorecard \
    --probes hasOSVVulnerabilities --format probe
Runs the hasOSVVulnerabilities probe and outputs its result as a Structured Result.
{
  ...
  "repo": {
    "name": "github.com/ossf/scorecard",
    "commit": "2adbb8876cfa8d41a9bfce61968550afd646eb31"
  },
  "findings": [
    {
      "remediation": {
        "text": "Fix the GO-2022-0635 by following information from https://osv.dev/GO-2022-0635...",
        "effort": 3
      },
      "probe": "hasOSVVulnerabilities",
      "message": "Project is vulnerable to: GO-2022-0635",
      "outcome": "True"
    },
    ...
  ]
}
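One way to consume this output in CI, as an added example (not from the slides or the Scorecard project): a gate that reads the probe-format JSON and blocks on findings whose outcome matches a per-probe policy. The `FAIL_ON` table and the `gate` function are hypothetical names, and the sample is constructed from the output above with the elided parts left out.

```python
import json

# Constructed sample: the slide's output without the elided ("...") entries.
SAMPLE = """
{
  "repo": {
    "name": "github.com/ossf/scorecard",
    "commit": "2adbb8876cfa8d41a9bfce61968550afd646eb31"
  },
  "findings": [
    {
      "remediation": {
        "text": "Fix the GO-2022-0635 by following information from https://osv.dev/GO-2022-0635...",
        "effort": 3
      },
      "probe": "hasOSVVulnerabilities",
      "message": "Project is vulnerable to: GO-2022-0635",
      "outcome": "True"
    }
  ]
}
"""

# Assumed policy (not part of Scorecard): which outcome blocks the build, per probe.
# An outcome only has meaning relative to its probe: "True" here means a known
# vulnerability was found, so it is never judged without the probe name.
FAIL_ON = {"hasOSVVulnerabilities": "True"}

def gate(result_json, fail_on=FAIL_ON):
    """Return ("repo@commit", blocking findings) for a probe-format result."""
    doc = json.loads(result_json)
    repo = doc.get("repo") or {}
    target = f'{repo.get("name", "?")}@{repo.get("commit", "?")}'
    blocking = []
    for finding in doc.get("findings") or []:
        probe = finding.get("probe")
        if probe not in fail_on or finding.get("outcome") != fail_on[probe]:
            continue  # probe not covered by the policy, or outcome is acceptable
        rem = finding.get("remediation") or {}
        blocking.append({"probe": probe, "message": finding.get("message", ""),
                         "effort": rem.get("effort"), "fix": rem.get("text", "")})
    return target, blocking

if __name__ == "__main__":
    target, blocking = gate(SAMPLE)
    for b in blocking:
        print(f'{target}: [{b["probe"]}] {b["message"]} (effort {b["effort"]})')
    raise SystemExit(1 if blocking else 0)
```

Pinning the report to `repo.commit` ties each blocking finding to the exact revision that was scanned.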