From aba7a3f1fe9603d02b1fefd5830350dc8875f37d Mon Sep 17 00:00:00 2001 From: BekahHW Date: Mon, 29 Jul 2024 18:49:25 -0400 Subject: [PATCH 1/4] Change order of bullet points --- docs/features/repo-pages.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/features/repo-pages.md b/docs/features/repo-pages.md index 1aff595d..5c80a41b 100644 --- a/docs/features/repo-pages.md +++ b/docs/features/repo-pages.md 
@@ -48,12 +48,12 @@ If you want to keep track of a repository, use the "Add to WorkSpace" button on The charts on our repository pages offer a visual representation of key project metrics: - **Contributors Overview**: Our bar chart shows contributions by internal, new, and recurring contributors, exibiting the distribution of contributions and the project's ability to attract new contributors. -- **Issue Resolution Trends**: Our line graphs display the number of issues opened versus those closed within specified periods, offering insights into the effectiveness of problem resolution and how issue volume changes over time. -- **Pull Request Dynamics**: Analyze pull request activity by the numbers of pull requests opened, closed, and merged. This provides an overview of collaboration efficiency and code review processes. - **Stars and Forks Over Time**: The number of stars and forks the project receives over time, illustrating the project's growth in popularity and its spread within the developer community. - **[Lottery Factor](../welcome/glossary.md#lottery-factor)**: This unique metric highlights the dependency on key contributors. A project is considered vulnerable if 2 or fewer contributors account for 50% or more of the project's contributions. This indicates a potential risk if one of these contributors leaves the project. - **[YOLO Coders](../welcome/glossary.md#yolo-coders)**: This metric identifies contributors who push changes directly to the default branch without creating a pull request or seeking community feedback. - **Contributor Confidence**: This metric predicts the likelihood that users who star or fork a repository will return to make contributions. A higher confidence score indicates a greater probability of these users actively engaging with the repository. 
+- **Issue Resolution Trends**: Our line graphs display the number of issues opened versus those closed within specified periods, offering insights into the effectiveness of problem resolution and how issue volume changes over time. +- **Pull Request Dynamics**: Analyze pull request activity by the numbers of pull requests opened, closed, and merged. This provides an overview of collaboration efficiency and code review processes. You can use the time range filter to view the number of stars and forks over different periods, such as the last 7 days, month, or the last year. From 1e7ef9210dbc7d4cc77010d7ac4b4e500140c387 Mon Sep 17 00:00:00 2001 From: BekahHW Date: Mon, 29 Jul 2024 18:50:01 -0400 Subject: [PATCH 2/4] Move stars and forks down --- docs/features/repo-pages.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/features/repo-pages.md b/docs/features/repo-pages.md index 5c80a41b..8f8b8f4c 100644 --- a/docs/features/repo-pages.md +++ b/docs/features/repo-pages.md 
@@ -48,12 +48,12 @@ If you want to keep track of a repository, use the "Add to WorkSpace" button on The charts on our repository pages offer a visual representation of key project metrics: - **Contributors Overview**: Our bar chart shows contributions by internal, new, and recurring contributors, exibiting the distribution of contributions and the project's ability to attract new contributors. -- **Stars and Forks Over Time**: The number of stars and forks the project receives over time, illustrating the project's growth in popularity and its spread within the developer community. - **[Lottery Factor](../welcome/glossary.md#lottery-factor)**: This unique metric highlights the dependency on key contributors. A project is considered vulnerable if 2 or fewer contributors account for 50% or more of the project's contributions. This indicates a potential risk if one of these contributors leaves the project. - **[YOLO Coders](../welcome/glossary.md#yolo-coders)**: This metric identifies contributors who push changes directly to the default branch without creating a pull request or seeking community feedback. - **Contributor Confidence**: This metric predicts the likelihood that users who star or fork a repository will return to make contributions. A higher confidence score indicates a greater probability of these users actively engaging with the repository. - **Issue Resolution Trends**: Our line graphs display the number of issues opened versus those closed within specified periods, offering insights into the effectiveness of problem resolution and how issue volume changes over time. - **Pull Request Dynamics**: Analyze pull request activity by the numbers of pull requests opened, closed, and merged. This provides an overview of collaboration efficiency and code review processes. +- **Stars and Forks Over Time**: The number of stars and forks the project receives over time, illustrating the project's growth in popularity and its spread within the developer community. 
You can use the time range filter to view the number of stars and forks over different periods, such as the last 7 days, month, or the last year. From e154f3c77a119a1007dc9c25d3020e99e1cce2c3 Mon Sep 17 00:00:00 2001 From: BekahHW Date: Mon, 29 Jul 2024 18:56:05 -0400 Subject: [PATCH 3/4] Add OSSF to repo pages --- docs/features/repo-pages.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/features/repo-pages.md b/docs/features/repo-pages.md index 8f8b8f4c..62e5b835 100644 --- a/docs/features/repo-pages.md +++ b/docs/features/repo-pages.md 
@@ -51,6 +51,7 @@ The charts on our repository pages offer a visual representation of key project - **[Lottery Factor](../welcome/glossary.md#lottery-factor)**: This unique metric highlights the dependency on key contributors. A project is considered vulnerable if 2 or fewer contributors account for 50% or more of the project's contributions. This indicates a potential risk if one of these contributors leaves the project. - **[YOLO Coders](../welcome/glossary.md#yolo-coders)**: This metric identifies contributors who push changes directly to the default branch without creating a pull request or seeking community feedback. - **Contributor Confidence**: This metric predicts the likelihood that users who star or fork a repository will return to make contributions. A higher confidence score indicates a greater probability of these users actively engaging with the repository. +- **OSSF Scorecard**: A standardized metric developed by the Open Source Security Foundation to evaluate the security practices of open source projects based on a set of security criteria. These criteria cover various aspects of project maintenance and security practices. The resulting score provides a quick overview of the project's adherence to security best practices. - **Issue Resolution Trends**: Our line graphs display the number of issues opened versus those closed within specified periods, offering insights into the effectiveness of problem resolution and how issue volume changes over time. - **Pull Request Dynamics**: Analyze pull request activity by the numbers of pull requests opened, closed, and merged. This provides an overview of collaboration efficiency and code review processes. - **Stars and Forks Over Time**: The number of stars and forks the project receives over time, illustrating the project's growth in popularity and its spread within the developer community. 
@@ -93,6 +94,15 @@ Understanding Contributor Confidence can help you gauge the health of a reposito For **Owners/Maintainers**, Contributor Confidence helps understand recent stars and forks in the context of contributors. A higher score suggests more people who have recently contributed elsewhere or within the repository itself, which can be a positive indicator of the overall health of your repository. +### Insights into the OSSF Scorecard + +The Scorecard serves two primary purposes: + +- To help open source maintainers improve their security best practices +- To assist open source consumers in assessing the safety of their dependencies + +You can find out more about how the OSSF Scorecard works and how to interpret the results on the [OSSF Scorecard website](https://scorecard.dev/#what-is-openssf-scorecard). + ### Contributor Dashboard The Contributor Dashboard offers a comprehensive view of all contributors, showcasing the frequency and size of each person’s contributions. From 4852a1ff18fdf07a33f34e00d4d32772b9454225 Mon Sep 17 00:00:00 2001 From: BekahHW Date: Mon, 29 Jul 2024 18:57:09 -0400 Subject: [PATCH 4/4] Add OSSF to glossary --- docs/welcome/glossary.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/welcome/glossary.md b/docs/welcome/glossary.md index afd6c7b9..2da14833 100644 --- a/docs/welcome/glossary.md +++ b/docs/welcome/glossary.md 
@@ -51,6 +51,10 @@ The name "Lottery Factor" comes from the idea that if a key contributor wins the A contributor who has recently made their first contribution to a project. +## OSSF Scorecard + +The Open Source Security Foundation (OSSF) Scorecard is a standardized metric developed by the Open Source Security Foundation to evaluate the security practices of open source projects based on a set of security criteria. These criteria cover various aspects of project maintenance and security practices. The resulting score provides a quick overview of the project's adherence to security best practices. + ## PR Overview PR Overview tells the story of the Pull Requests (PRs) submitted in the last 30 days:
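Review bot: in [PATCH 1/4], the unchanged "Contributors Overview" bullet at the top of the hunk still reads "exibiting the distribution of contributions". Since this series reworks the same list, correct it to "exhibiting" here. The commit message also gives no reason for the new order; one line saying what the list is now ordered by would help the next editor keep it consistent.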
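Review bot: [PATCH 2/4] reorders the same list, under the same hunk header (@@ -48,12 +48,12 @@), that 1/4 reordered a minute earlier. Squash it into 1/4 so the history shows a single reorder. Moving "Stars and Forks Over Time" to the end does put it directly above the sentence "You can use the time range filter to view the number of stars and forks over different periods", which reads well; say so in the squashed commit message.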
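Review bot: the "OSSF Scorecard" bullet added in the first hunk of [PATCH 3/4] is plain bold text, while the "Lottery Factor" and "YOLO Coders" bullets just above it link to their glossary entries. [PATCH 4/4] adds a "## OSSF Scorecard" glossary heading, so this bullet can link to it in the same form as "[Lottery Factor](../welcome/glossary.md#lottery-factor)", using whatever anchor the site generates for the new heading. The bullet's three sentences are also repeated verbatim in that glossary entry; trimming the bullet to one sentence and letting the link carry the definition keeps the two copies from drifting apart.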
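Review bot: the "### Insights into the OSSF Scorecard" section added in the second hunk of [PATCH 3/4] writes "OSSF" throughout, but the page it links to uses "OpenSSF" (the link fragment is "#what-is-openssf-scorecard"), which is the foundation's own abbreviation. Suggest "OpenSSF Scorecard" in the heading, the list bullet and the link text so readers searching for the tool find it. The section also does not say how to read the score shown on the repository page, whereas the Contributor Confidence text just above it states what a higher score suggests; one sentence on what a high or low score means would serve the "open source consumers" the second bullet addresses. The two new bullets end without periods, unlike the other lists in this file.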
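Review bot: the first sentence of the "## OSSF Scorecard" glossary entry added in [PATCH 4/4] names the foundation twice ("The Open Source Security Foundation (OSSF) Scorecard is a standardized metric developed by the Open Source Security Foundation"). Keep one mention, for example by starting with the expanded name and dropping "developed by the Open Source Security Foundation". The entry also has no outbound link; adding the scorecard.dev link that 3/4 uses in repo-pages.md would give glossary readers the same route to the list of checks.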