chore: add .bestpractices.json + lint workflow #17
Merged
The OpenSSF Best Practices BadgeApp (bestpractices.dev) reads a repo's .bestpractices.json on demand to populate proposed answers for each criterion when the maintainer clicks "Save (and continue) 🤖" on the project's edit page (per docs/bestpractices-json.md upstream).

This commit lands the project's source-of-truth answers for the 67 passing-tier criteria — flat <criterion>_status / <criterion>_justification pairs with status one of Met / Unmet / N/A / ? — based on the current state of ctm: MIT license, GitHub Issues + private security advisories, GitHub Releases with checksums, SonarCloud + CodeQL on every push, 85.2% coverage, argon2id auth (V27), and so on. Result: 58 Met / 3 Unmet / 6 N/A / 0 ?. The 3 Unmet are the documentation gaps (CONTRIBUTING.md, SECURITY.md, formal vuln-report process); they're tracked as follow-ups so the answers stay honest rather than aspirational.

.github/workflows/bestpractices.yml lints the file on every push that touches it: validates JSON parses, status values are in the allowed set, every _status has a paired _justification, every passing-tier criterion is present, and there are no unknown / typo'd criterion keys (against the upstream criteria list mirrored in the workflow).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Summary
The OpenSSF Best Practices BadgeApp at bestpractices.dev reads a repo's `.bestpractices.json` on demand to populate proposed answers when the maintainer clicks "Save (and continue) 🤖" on the project's edit page (per docs/bestpractices-json.md upstream).
This PR lands the project's source-of-truth answers for the 67 passing-tier criteria, plus a lint workflow.
`.bestpractices.json` — flat `_status` / `_justification` pairs.
`.github/workflows/bestpractices.yml` — lints the file on every push or PR that touches it. Validates:
The lint runs in plain Python 3 (no extra deps).
Follow-up to register the project
Test plan
🤖 Generated with Claude Code
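The PR description says the workflow lints `.bestpractices.json` in plain Python 3 with no extra dependencies, checking that the file parses, that every status is one of Met / Unmet / N/A / ?, that every `_status` has a paired `_justification`, that every passing-tier criterion is present, and that no unknown or typo'd criterion keys slipped in. The script below is an added example of such a linter, not the workflow from the PR. The function names (`lint_bestpractices`, `tally`), the two embedded sample documents, and the five-entry `PASSING_CRITERIA` tuple are all assumptions: the tuple is an illustrative subset, and a real lint would mirror the full upstream passing-tier criteria list (67 entries) as the commit message describes.

```python
"""Lint a .bestpractices.json file for the OpenSSF Best Practices BadgeApp.

Added example (not the project's workflow). Plain Python 3, no extra deps.
Usage: python lint_bestpractices.py .bestpractices.json
"""
import json
import sys

ALLOWED_STATUS = {"Met", "Unmet", "N/A", "?"}

# ASSUMPTION: illustrative subset of passing-tier criterion keys. A real lint
# mirrors the complete upstream list (67 criteria for the passing tier).
PASSING_CRITERIA = (
    "floss_license",
    "report_process",
    "vulnerability_report_process",
    "test_continuous_integration",
    "crypto_password_storage",
)


def lint_bestpractices(text, criteria=PASSING_CRITERIA):
    """Return a list of error strings; an empty list means the file is clean."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]
    if not isinstance(data, dict):
        return ["top level must be a JSON object"]

    errors = []
    known = set(criteria)
    for key, value in data.items():
        if key.endswith("_status"):
            crit = key[: -len("_status")]
            if crit not in known:          # typo'd or non-upstream criterion
                errors.append(f"unknown criterion key: {key}")
            if value not in ALLOWED_STATUS:  # case matters: "met" is rejected
                errors.append(f"{key}: invalid status {value!r}")
            if f"{crit}_justification" not in data:
                errors.append(f"{key}: missing paired {crit}_justification")
        elif key.endswith("_justification"):
            crit = key[: -len("_justification")]
            if crit not in known:
                errors.append(f"unknown criterion key: {key}")
            if not isinstance(value, str):
                errors.append(f"{key}: justification must be a string")
        else:
            errors.append(f"unexpected key: {key}")

    # Every criterion of the tier must be answered, even if only with "?".
    for crit in criteria:
        if f"{crit}_status" not in data:
            errors.append(f"missing required criterion: {crit}_status")
    return errors


def tally(text):
    """Count answers per status, e.g. for a 'N Met / N Unmet / ...' summary."""
    counts = {status: 0 for status in ("Met", "Unmet", "N/A", "?")}
    for key, value in json.loads(text).items():
        if key.endswith("_status") and value in counts:
            counts[value] += 1
    return counts


# Constructed sample documents (not the project's real answers).
GOOD_EXAMPLE = json.dumps({
    "floss_license_status": "Met",
    "floss_license_justification": "MIT license in LICENSE at the repo root.",
    "report_process_status": "Met",
    "report_process_justification": "Bugs are reported via GitHub Issues.",
    "vulnerability_report_process_status": "Unmet",
    "vulnerability_report_process_justification": "SECURITY.md is a tracked follow-up.",
    "test_continuous_integration_status": "Met",
    "test_continuous_integration_justification": "CI runs the suite on every push.",
    "crypto_password_storage_status": "N/A",
    "crypto_password_storage_justification": "The project stores no passwords.",
})

BAD_EXAMPLE = json.dumps({
    "floss_license_status": "met",                       # wrong case
    "floss_licence_justification": "typo in the criterion name",
})                                                        # rest of tier missing


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else ".bestpractices.json"
    with open(path, encoding="utf-8") as fh:
        problems = lint_bestpractices(fh.read())
    for problem in problems:
        print(f"{path}: {problem}", file=sys.stderr)
    sys.exit(1 if problems else 0)
```

Reporting every problem instead of stopping at the first one matters in CI: a maintainer editing a 134-key file wants the whole list of typo'd keys and unpaired justifications from a single run. The status comparison is deliberately case-sensitive, since the BadgeApp is the consumer and the PR's allowed set is spelled exactly Met / Unmet / N/A / ?.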