These are the fields currently available in the scorecard data extract. All values are boolean (true/false). Currently in Use - `openssf.scorecard.raw.active` - `openssf.scorecard.raw.ci-tests` - `openssf.scorecard.raw.code-review` - `openssf.scorecard.raw.contributors` - `openssf.scorecard.raw.frozen-deps` - `openssf.scorecard.raw.fuzzing` - `openssf.scorecard.raw.packaging` - `openssf.scorecard.raw.pull-requests` - `openssf.scorecard.raw.sast` - `openssf.scorecard.raw.security-policy` - `openssf.scorecard.raw.signed-releases` - `openssf.scorecard.raw.signed-tags` Available, but not used right now: - `openssf.scorecard.raw.automatic-dependency-update` - `openssf.scorecard.raw.cii-best-practices` - `openssf.scorecard.raw.token-permissions` I think we pulled `cii-best-practices` out since we already have that data direct, but should we include the other two?
These are the fields currently available in the scorecard data extract. All values are boolean (true/false).
Currently in Use
openssf.scorecard.raw.activeopenssf.scorecard.raw.ci-testsopenssf.scorecard.raw.code-reviewopenssf.scorecard.raw.contributorsopenssf.scorecard.raw.frozen-depsopenssf.scorecard.raw.fuzzingopenssf.scorecard.raw.packagingopenssf.scorecard.raw.pull-requestsopenssf.scorecard.raw.sastopenssf.scorecard.raw.security-policyopenssf.scorecard.raw.signed-releasesopenssf.scorecard.raw.signed-tagsAvailable, but not used right now:
openssf.scorecard.raw.automatic-dependency-updateopenssf.scorecard.raw.cii-best-practicesopenssf.scorecard.raw.token-permissionsI think we pulled
cii-best-practicesout since we already have that data direct, but should we include the other two?