Docs?: Why do a few of the dependencies for the OpenSSF scorecard get invalid repository, and why are they not shown in the mvn related PR´s? (but in NPM)..

[janderssonse]

How are you running Renovate?

Self-hosted Renovate

If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.

GitLab

Please tell us more about your question or problem

Hi, we have two questions regarding the OpenSSF Scorecard function. 1) Why do some repositores gets listed with invalid repository instead of a score? 2) Why is this also shown in the mvn PR information, only in npm. It would be great if these two questions would be answered in the docs. Thanks!!

Logs (if relevant)

Logs

Replace this text with your logs, between the starting and ending triple backticks

[rarkins]

To get a score:

• Renovate must be able to determine the source repo of the package. This is not always available from registries
• The OpenSSF must have scored that same repo

[janderssonse]

Thanks @rarkins

[janderssonse]

Should I fix a PR for adding that to the docs regarding that setting? Would have been clearer for me at least.

[rarkins]

Yes thanks, I'm sure a quick clarity in the relevant spot would benefit future readers