@@ -40,22 +40,54 @@ def is_ready(self) -> bool:
4040_CRITERIA = [
4141 # Basics
4242 ("basics_description" , "Basics" , "The project MUST have a description of what it does." ),
43- ("basics_interact" , "Basics" , "The project MUST provide a way for users to interact with developers." ),
43+ (
44+ "basics_interact" ,
45+ "Basics" ,
46+ "The project MUST provide a way for users to interact with developers." ,
47+ ),
4448 ("basics_contribution" , "Basics" , "The project MUST have a contribution guide." ),
45- ("basics_license" , "Basics" , "The project MUST be released under an OSI-approved open source license." ),
49+ (
50+ "basics_license" ,
51+ "Basics" ,
52+ "The project MUST be released under an OSI-approved open source license." ,
53+ ),
4654 # Change control
47- ("change_public_repo" , "Change Control" , "The project MUST have a public version-controlled repository." ),
55+ (
56+ "change_public_repo" ,
57+ "Change Control" ,
58+ "The project MUST have a public version-controlled repository." ,
59+ ),
4860 ("change_version_semver" , "Change Control" , "The project MUST use semantic versioning." ),
4961 # Reporting
50- ("report_vulnerability_process" , "Reporting" , "The project MUST have a vulnerability reporting process (SECURITY.md)." ),
51- ("report_vulnerability_private" , "Reporting" , "The project MUST support private vulnerability reporting." ),
62+ (
63+ "report_vulnerability_process" ,
64+ "Reporting" ,
65+ "The project MUST have a vulnerability reporting process (SECURITY.md)." ,
66+ ),
67+ (
68+ "report_vulnerability_private" ,
69+ "Reporting" ,
70+ "The project MUST support private vulnerability reporting." ,
71+ ),
5272 # Quality
5373 ("quality_tests" , "Quality" , "The project MUST have an automated test suite." ),
5474 ("quality_ci" , "Quality" , "The project MUST use CI to run tests automatically." ),
5575 # Security
56- ("security_static_analysis" , "Security" , "The project MUST use at least one static analysis tool (e.g. CodeQL)." ),
57- ("security_dependency_monitoring" , "Security" , "The project MUST monitor dependencies for known vulnerabilities." ),
58- ("security_hardened_dependencies" , "Security" , "Dependencies MUST be updated when vulnerabilities are found." ),
76+ (
77+ "security_static_analysis" ,
78+ "Security" ,
79+ "The project MUST use at least one static analysis tool (e.g. CodeQL)." ,
80+ ),
81+ (
82+ "security_dependency_monitoring" ,
83+ "Security" ,
84+ "The project MUST monitor dependencies for known vulnerabilities." ,
85+ ),
86+ (
87+ "security_hardened_dependencies" ,
88+ "Security" ,
89+ "Dependencies MUST be updated when vulnerabilities are found." ,
90+ ),
5991 # Analysis
6092 ("analysis_scorecard" , "Analysis" , "The project SHOULD use OpenSSF Scorecard." ),
6193 ("analysis_sbom" , "Analysis" , "The project SHOULD generate SBOMs." ),
@@ -75,14 +107,16 @@ def assess_badge_readiness(project_path: str | Path) -> BadgeReport:
75107 # Assess each criterion
76108 for crit_id , category , question in _CRITERIA :
77109 status , evidence , suggestion = _assess_criterion (crit_id , info , path )
78- criteria .append (BadgeCriterion (
79- id = crit_id ,
80- category = category ,
81- question = question ,
82- status = status ,
83- evidence = evidence ,
84- suggestion = suggestion ,
85- ))
110+ criteria .append (
111+ BadgeCriterion (
112+ id = crit_id ,
113+ category = category ,
114+ question = question ,
115+ status = status ,
116+ evidence = evidence ,
117+ suggestion = suggestion ,
118+ )
119+ )
86120
87121 met = sum (1 for c in criteria if c .status == "met" )
88122 unmet = sum (1 for c in criteria if c .status == "unmet" )
@@ -98,9 +132,7 @@ def assess_badge_readiness(project_path: str | Path) -> BadgeReport:
98132 )
99133
100134
101- def _assess_criterion (
102- crit_id : str , info : ProjectInfo , path : Path
103- ) -> tuple [str , str , str ]:
135+ def _assess_criterion (crit_id : str , info : ProjectInfo , path : Path ) -> tuple [str , str , str ]:
104136 """Assess a single criterion. Returns (status, evidence, suggestion)."""
105137
106138 if crit_id == "basics_description" :
@@ -143,6 +175,7 @@ def _assess_criterion(
143175 return "met" , "Version found in pyproject.toml" , ""
144176 if pkg_json .exists ():
145177 import json
178+
146179 data = json .loads (pkg_json .read_text ())
147180 if "version" in data :
148181 return "met" , f"Version { data ['version' ]} in package.json" , ""
0 commit comments