LogoLogo
  • LFX Platform
  • Single Sign-On (SSO)
    • Create an Account
    • Sign in to Your Account
      • Sign in with Google
      • Sign in with GitHub
      • Sign in with LinkedIn
    • Manage Your Profile
    • Forgot Password
    • Have a question
    • Log Out
  • Individual Dashboard (MyProfile)
    • Release Notes
      • V0.7.0
      • V0.6.25 and V0.6.26
    • Quick Start Guide
      • Home Page
      • Profile
      • LF Events
      • Meetings
      • My Insights Beta Version
      • Purchases
      • Settings
    • Home Page
    • Share Your Experience- Help Us Improve
    • Profile
      • Badges and Skills
      • Open Source Event Speaking Experience
      • Technical Contributors
      • Linux Foundation & Project Issued Certifications
      • Training Enrollment
      • Community Roles
      • Supported Projects
    • Meetings
      • Find Your Host Key
    • My Insights Beta Version
    • LF Events
      • Registered
      • Past
      • Visa Letters
        • Updating Visa Letter Application
      • Travel Funding
        • Community Events Funding
    • Purchases
      • Coupons
      • Transactions
      • Individual Enrollments
      • Purchase a Linux.com Email
    • Data and Privacy
      • Data Visibility
    • Showcase your Maintainer Badges in LFX NOW!
      • Maintainer Badge LFX Support
      • What do I have to do as a Project Administrator?
    • Settings
      • Password
      • Manage Profile Visibility
      • Basic Information
      • Email Management
        • Email Preferences
      • My Work History
    • TUX Rewards FAQs
  • Insights
    • Insights
      • Release Notes
        • Release Version: V0.1.13
        • Release Version: V0.1.1
        • Release Version: V0.1.0
      • Unlocking Data-Driven Potential with Insights
      • Intended Audience
      • How does Insights help you?
      • Core Concepts
      • Activities Types
      • Getting Started
        • Accessing Insights
        • Home Page
          • Foundation Cards
          • Accessing the Foundation Overview Page
            • Foundation Overview
              • Project Ecosystem
              • Distribution of Projects
              • Project Velocity
            • Foundation's Projects
          • Project Cards
          • COCOMO: Cost Estimation Simplified
      • Project Overview Page
        • Filter the Date Range
        • GitHub
          • Key Metrics and detailed Analysis
            • Contributor
            • Commits
            • Issues
            • Pull Requests
            • Forks
            • Stars
          • Contributor Leaderboard
          • Contributor Dependency
          • Active Days
          • Organization Dependency
          • Organization Leaderboard
          • Contribution outside work hours
          • Geographical Distribution
        • Gerrit
        • Confluence
          • Organization Leaderboard
          • Contributor Leaderboard
          • Most Popular Pages
          • Activities Trend by the Week
          • Activity Breakdown
          • New Organizations
          • Drifting Away Organizations
          • New Contributors
          • Drifting Away Contributors
          • Geographical Distribution
        • Mailing Lists
          • What Is a Mailing List?
          • Key Metrics
          • New Contributors
          • Most Active Contributors
          • New Organizations
          • Most Active Organizations
          • Geographical Distributions
          • Top Mailing Lists
          • Popular Threads
          • Recent Messages
      • Velocity
        • Performance Metrics
        • Lead Time
        • Average Lead Time By Pull Request Size
        • Average Review Time By Pull Request Size
        • Average Wait Time For 1st Review
        • Code Review Engagement
      • Productivity
        • Commits Per Active Day
        • Work Time Distribution Impact
        • New Contributors
        • Drifting Away Contributors
        • Engagement Gap
        • Effort By Pull Request Batch Size
      • Reports
        • Contributors Reports
        • Organizations Reports
        • Activities
        • Retention
        • Project Health
          • Project Popularity
          • Contributor Diversification
          • What to Do When the Project Health Score is Low?
      • GitHub Vs. Git Metrics
      • Troubleshooting and FAQs
      • Glossary
  • Community Data Platform
    • Quick Start Guide
    • Accessing Community Data Platform
    • Project Groups Page
      • My project groups
    • Integrations
      • GitHub Integration
      • Git Integration
      • Gerrit
      • Groups.Io
      • Confluence
      • Slack
      • X/Twitter Integration
      • Reddit Integration
      • Discord Integration
      • LinkedIn Integration
      • Cvent Integration
      • Training and Certifications
      • Dev Integration
      • Hacker News integration
      • Stack Overflow
    • FAQs
  • Project Control Center
    • Release Notes
    • V2 (Latest Version)
      • Overview
      • Homepage
      • Reports
        • Health Metrics
          • Participating Organization
          • Net Promoter Score (NPS)
          • Membership Churn
          • Outstanding Balance
          • Events
          • Training and Certifications
          • Code Contributions
          • Board Meeting Participation
          • Mailing Lists
          • Marketing
        • Marketing Metrics
      • Operations
        • Project Definition
        • Membership
        • Domains
        • Cloud Providers
        • User permissions
      • Collaborations
        • Committees
          • Adding a Committee
          • Adding Members to a Committee
          • Sending Emails to Committee Members
          • Deleting a Member from a Committee
          • Managing Committees
        • Meetings
          • Scheduling a Meeting
          • Manage Meetings
          • Clone Meetings
          • Cancel Meetings
          • Add Documents to Past Meetings
          • Verify Meeting Participants
          • Sending Emails to Meeting Attendees
          • Meeting FAQs
        • Wiki
        • Issue Tracker
        • Voting
        • Mailing Lists
        • Surveys
      • Bookmarks
      • PCC FAQs
        • Meetings FAQs
    • V1 (Prior Version)
      • Release Notes
        • PCC V1.6.6 Release
        • PCC V1.6.5 Release
        • PCC V1.6.4 Release
        • PCC V1.6.3 Release
        • PCC V1.6.0 Release
        • PCC V1.5.1 Release
        • PCC - V1.4 Release
        • PCC - June 28/2022 Release
        • PCC - April 20/2022 Release
        • PCC - March 15/2022 Release
      • Overview
      • PCC Dashboard
      • Role-Based Access Control
        • Roles and Permissions for Project Setup
        • Roles and Permissions for IT Services
      • Adding a Main Project
      • Operations for a Project
        • Project Definition for a Project
        • Legal Setup for a Project
        • Membership Setup for a Project
        • Setting up a Domain for a Project
          • Transferring a Domain
          • Redirecting Your Domain
          • Adding a Service Record
          • Setting up the Email Services
        • Cloud Providers
      • Collaboration Services for a Project
        • Committees Setup for a Project
        • Mailing List
        • Issue Tracker for a Project
        • Setting up Wiki
        • Meeting Management
      • Development
        • Source Control
      • LFX Tools
        • Security
          • Onboarding Projects from GitHub
          • Manage Vulnerabilities
          • Manage False Positives
            • Regular Expressions Cheat Sheet
            • Ignore.yml File
          • Manage Non Inclusive Naming
        • EasyCLA
  • Organization Dashboard
    • Release Notes
      • Release v1.8.0
      • Release v1.7.0
      • Organization Dashboard - 03/July/2023 Release
      • Organization Dashboard - 03/October/2022 Release
    • What's New
      • Related Company Visibility
    • Access and Permissions
    • Learn About LFX Data
    • Introduction
    • Home page
    • Membership
      • Your Active Memberships
      • Renewing an Expired Membership
      • Discover New Open Source Project
    • Code Contributions
    • Training & Certifications
    • Events
      • Overview
      • Sponsorship Insights
      • Travel Funding
    • Access
    • Users FAQs
    • Profile
    • FAQs
  • Security
    • Release Notes
      • LFX Security V2.0.33 Release
      • LFX Security V2.0.32 Release
      • LFX Security V2.0.31 Release
      • LFX Security V2.0.30 Release
      • LFX Security V2.0.29 Release
      • LFX Security V2.0.28 Release
      • LFX Security V2.0.27 Release
      • LFX Security V2.0.26 Release
    • Overview
    • LFX Security FAQs
    • Onboarding your Project
    • LFX Security Requirements
      • Supported Languages
    • Add a Project to LFX Security
    • Open LFX Security
    • Authorization Page
    • Security Status Overview
    • Investigate and Remediate Vulnerabilities
    • Investigate Dependencies in the Application Dependency Tree
    • Get License Information
  • EasyCLA
    • V2
      • Releases and Known Issues
      • Getting Started
        • Prerequisites
        • EasyCLA Troubleshooting
          • EasyCLA Disabled
        • EasyCLA FAQs
        • EasyCLA Development Components
      • Project Managers
        • Sign in to Project Control Center
        • Set up Project on EasyCLA
        • Create New CLA Group
        • Update Template
        • Add or Remove a Project from CLA Group
        • View and Manage CLA Group Details
        • Add and Manage GitHub Organizations
        • Add and Manage Gerrit Organizations
        • Add and Manage GitLab Groups
        • View Connection Status of Git Organizations and Repositories
        • Enforce or Remove CLA Mechanism
        • Invalidate a Contributor's Signature
        • Uninstall the EasyCLA Application
      • Embargo, Sanction, and OFAC Compliance for Secure CLA Signing
      • Contributors
        • Individual Contributor
        • Corporate Contributor
      • Corporate CLA Managers
        • Sign in to the EasyCLA Corporate Console
        • Coordinate Signing CLA and become initial CLA Manager
        • Add or Delete CLA Managers
        • Approve and Manage Contributors
      • EasyCLA and Co-Author Compliance Guide
      • CCLA Signatories
        • Review and sign a Corporate CLA by Request
      • Configuring Merge Queue on GitHub for Branch Protection
      • Glossary
      • Corporate CLA Console
        • Dashboard
        • Projects
        • Manage your Profile
  • Mentorship
    • Release Version: v1.4.23
    • Program Schedule & Timelines
    • Platform Overview
      • View Mentorship Program Details
      • View Mentor/Mentee Profile
      • Toggle Between Mentorship and Crowdfunding
    • Administrators
      • Enroll Your Program
        • Mentorship Project Enrollment Form
      • Edit a Project
      • Open & Close Mentorship Applications
      • Add Mentors
      • View Mentees for the Selected Program
      • Manage Mentees Applications
      • Manage Mentees Tasks
      • Approve Mentee Stipends
      • How to Contact a Mentee
    • Mentees
      • Create Mentee Profile
      • Apply to Mentorship Program
      • Withdraw your Application
      • View your Application Status
      • Manage Your Tasks
      • Manage Your Mentorship Profile
      • Submit Expensify Report to Receive Mentorship Stipend
    • Mentors
      • Become a Mentor
        • Request to be Added to a Program
        • Admin Invites a Mentor to a Program
      • Review Mentees Applications
      • Manage Mentees Tasks
      • Contact a Mentee
      • Manage Your Mentorship Profile
    • Mentee Stipends
      • Total Stipend Amount
    • Mentee Guide
      • Introduction
      • How Mentorship Program Works
      • Why Become a Mentee?
      • What Makes a Good Mentee
      • Am I Eligible to Become a Mentee?
      • How to Apply
      • Not Selected?
      • Start the Journey
        • What is Expected of You
        • Evaluations
        • How to Graduate Successfully
      • Additional Resources
      • Code of Conduct
      • Mentee FAQs
    • Mentor Guide
      • Introduction
      • Participant Roles
      • Getting Started
        • Why to Become a Mentor
        • Can I be a Mentor?
        • Benefits for Mentors
        • What Makes a Good Mentor
        • How to Select Mentees
      • Mentoring Best Practices
      • Maintain Open Source Culture
      • Start Mentoring
        • Create Project Plan and Prepare Mentees
        • Set Expectations
        • Managing the Project Plan
        • Mentee Evaluations
      • Additional Resources
      • Mentorship FAQs
      • Code of Conduct
    • Mentorship FAQs
    • Mentorship - Get Help
  • Crowdfunding
    • Dashboard Overview
      • Projects
      • Events
      • Travel Funds
      • Security Audit
      • General Funds
      • Integrated Services for a Project
      • Toggle Between Crowdfunding and Mentorship
    • Mandatory Compliance for Crowdfunding
    • Apply for Crowdfunding
      • Add a GitHub Project
      • Add a Git Project
      • Add a Project for Security Audit
      • Add General Fund
      • Add an Event
      • Add a Travel Fund
    • Donate/Sponsor
      • Donate as an Individual
      • Donate as a Sponsor
        • Add, Edit, or Delete an Organization
      • Sponsor Events
    • Register for an Event
    • Project Application
    • Event Application
    • Travel Fund Application
    • Security Audit Application
    • General Fund Application
    • Manage Your Crowdfunding Account
    • Get Reimbursed
    • Submit Travel Funding Reimbursement Expensify Report
    • Create and Submit an Expensify Report
    • Crowdfunding FAQs
    • Crowdfunding - Get Help
  • Linux Foundation Individual Supporter Program
    • Enroll in the Linux Foundation Individual Supporter Program
    • Purchase Lifetime Linux.com Email Alias
Powered by GitBook

Copyright © 2022 The Linux Foundation®. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks.

On this page
  • Analytics
  • Artifact Hub badge
  • Contributor license agreement
  • Community meeting
  • Developer Certificate of Origin
  • GitHub discussions
  • OpenSSF badge
  • OpenSSF Scorecard badge
  • Recent release
  • Slack presence

Was this helpful?

Edit on GitHub
Export as PDF
  1. Insights
  2. Insights
  3. Project Overview Page
  4. GitHub
  5. Best Practice Score
  6. Checks

Standards

Analytics

ID: analytics

Project websites provide some web analytics.

This check passes if:

  • A Google Analytics 3 (Universal Analytics) Tracking ID is found in the source of the website configured in GitHub. Regexps used:

"UA-[0-9]+-[0-9]+"

  • A Google Analytics 4 Measurement ID is found in the source of the website configured in Github. Regexps used:

"G-[A-Z0-9]+"

  • The HubSpot tracking code is found in the source of the website configured in Github. Regexps used:

"//js.hs-scripts.com/.+\.js"

Artifact Hub badge

ID: artifacthub_badge

Projects can list their content on Artifact Hub to improve their discoverability.

This check passes if:

  • An Artifact Hub badge is found in the repository’s README file. Regexps used:

"https://artifacthub.io/badge/repository/.*

Contributor license agreement

ID: cla

The CLA defines the conditions under which intellectual property is contributed to a business or project.

This check passes if:

  • A CLA check is found in the latest merged PR on GitHub. Regexps used:

"(?i)cncf-cla"
"(?i)cla/linuxfoundation"
"(?i)easycla"
"(?i)license/cla"
"(?i)cla/google"

This check will be automatically marked as exempt if the DCO check passes but this one does not.

Community meeting

ID: community_meeting

Community meetings are often held to engage community members, hear more voices, and get more viewpoints.

This check passes if:

  • A reference to the community meeting is found in the repository’s README file. Regexps used:

"(?i)(community|developer|development) \[?(call|event|meeting|session)"
"(?i)(weekly|biweekly|monthly) \[?meeting"
"(?i)meeting minutes"

Developer Certificate of Origin

ID: dco

Mechanism for contributors to certify that they wrote or have the right to submit the code they are contributing.

This check passes if:

  • The last commits in the repository have the DCO signature (Signed-off-by). Merge pull request and merge branch commits are ignored for this check.

  • A DCO check is found in the latest merged PR on GitHub. Regexps used:

"(?i)dco"

This check will be automatically marked as exempt if the CLA check passes, but this one does not.

GitHub discussions

ID: github_discussions

Projects should enable GitHub discussions in their repositories.

This check passes if:

  • A discussion that is less than one year old is found on GitHub.

OpenSSF badge

ID: openssf_badge

The Open Source Security Foundation (OpenSSF) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices.

This check passes if:

  • An OpenSSF (CII) badge is found in the repository’s README file. Regexps used:

"(https://www.bestpractices.dev/projects/\d+)"
"(https://bestpractices.coreinfrastructure.org/projects/\d+)"

OpenSSF Scorecard badge

ID: openssf_scorecard_badge

This check passes if:

  • An OpenSSF Scorecard badge is found in the repository’s README file. Regexps used:

"(https://api.securityscorecards.dev/projects/github.com/[^/]+/[^/]+)/badge"

Recent release

ID: recent_release

The project should have released at least one version in the last year.

This check passes if:

  • A release that is less than one year old is found on GitHub.

Slack presence

ID: slack_presence

Projects should have presence in the CNCF Slack or Kubernetes Slack.

This check passes if:

  • A reference to the CNCF Slack or Kubernetes Slack is found in the repository’s README file. Regexps used:

"(?i)https?://cloud-native.slack.com"
"(?i)https?://slack.cncf.io"
"(?i)https?://kubernetes.slack.com"
"(?i)https?://slack.k8s.io"

Last updated 1 year ago

Was this helpful?

Scorecard assesses open source projects for security risks through a series of automated checks. For more information about the Scorecard badge please see .

https://github.com/marketplace/actions/ossf-scorecard-action#scorecard-badge